API customizability for Auth and Deployments

Hey everyone!

Thanks for all the amazing work with the framework so far. I’m excited to see it grow and mature.

I have a use case where I need the api to be consumed by a web app as well as an SDK. I plan to handle the SDK authentication via API keys. The client for the request would likely be determined via headers - Authorization for the web app and x-api-key for the SDK. Is it possible to access the request headers in the api part of the app?

In the long term, it may be useful to have auth support for API keys or general support for providing custom auth logic in https://github.com/redwoodjs/redwood/blob/master/packages/api/src/functions/graphQLServer.ts

Along the same lines, I was also wondering if there are any plans to add support for customizable API deployments? For instance, it’d be nice to deploy an API as an express server that wraps Apollo for more complex APIs with custom middlewares. Currently, it might be possible to take the schema from makeMergedSchema and then use it in your own custom apollo express server, but that would break the integration with the redwood ecosystem. Eventually, it might help to have deployment flexibility inbuilt and provide the user with multiple deployment options or have the user provide their own deployment config.

I understand that Redwood is an opinionated framework and the deployment strategy of choice is serverless, but adding deployment flexibility would allow users to integrate with existing infrastructure and also deploy more complex APIs. In any case, happy to hear the team’s thoughts on this!

Let me know if something’s not clear or if there are any other questions in general!