Generate a random string and store it in the database. As long and as complex as possible.
The keys should be associated with the user who created it. Therefore you can lookup the API key in the database and find out which user it is. You can use a middleware to authenticate via API key.
I never said you should store them as plain text. Encrypt them and when an API call comes in, decrypt the generated string to find out which access token it is.
Generate an ID for your access token then encrypt("ID" + "creation time") with your app secret.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes, I'd avoid JWTs here.
Store keys in plain text in the database? Seems like it might open up some kind of vulnerability.
I never said you should store them as plain text. Encrypt them and when an API call comes in, decrypt the generated string to find out which access token it is.
Generate an ID for your access token then encrypt("ID" + "creation time") with your app secret.