chore(docs): Add checksum validation

LauraBeatris · Apr 9, 2024 · a97de5f · a97de5f
1 parent 2c5cecd
commit a97de5f
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/docs/pages/design/node/index.md b/docs/pages/design/node/index.md
@@ -122,3 +122,16 @@ All API keys should be revocable, in case users accidentally expose it.
 Customers should be allowed to set a rolling transition period for key updates to prevent system failures upon immediate revocation, except in critical situations. Here's an example from Stripe:
 
 ![Stripe - Roll API key](https://i.ibb.co/0y5rv9w/76c95f5b-d1b5-4623-8564-7adae623f9c1.png)
+
+#### Checksum validation
+
+It's a good practice to add a checksum to API keys to reduce latency, as key verification is crucial for every API call.
+
+Here's an example:
+```
+example_b7d9c32y98e5432abc5f6def0yyyy_4241314
+```
+
+The checksum `_4241314` allows to quickly validate keys in the request pipeline, rejecting invalid ones to reduce load on the API key store.
+
+That checksum can also be a signed hash. The signing authority can be confident whether it was generated by system, and rejecting invalid keys without doing a database check.