DPL-169 Update existing Sequencescape v1 API key (C=M, V=3)

[harrietc52]

Describe the Housekeeping As a developer, I would like to update the existing API key for Sequencescape v1 API. This API key has not been updated in a while, and was likely the same API key as before PSD enabled HTTPS. Therefore, at some point, this API key might have been exposed and therefore it should be changed.

Who are the primary contacts for this story @harrietc52 @emrojo

Acceptance criteria To be considered successful the solution must allow:

• [ ] Consider how new and old API key will overlap / rotate. (i.e will both old and new key be valid for a period of time, then when will the old become invalid?) See API key rotation
• [ ] Generate a new API key for SS, to replace the existing API key.
• [ ] Store new API key in api_applications table or deployment project (?)
• [ ] For every request to the API, the middleware layer checks the API key is present and exists in the table
• [ ] Update any users/ applications/ services of SS v1 API with the new API key
• [ ] Add story to deprecate the old API key (after x months)
• [ ] Create documentation on how to add/ update API key to SS v1, so it can be easily repeated in the future

References DPL-698: Update Lighthouse API key

Additional context

There is a Sequencescape SS DB, to persist API keys. One record per calling app. The Main controller, checks the value of the API-KEY header in HTTP request. It confirms the header is in the DB table. Some calling applications are: Limber/ Samples Ex/ Labware, where there is a unique key per application.

See PSD's Security - next Steps for more information.

Application links here to find calling applications

See DPL-670 for v2 API updates

See DPL-670-2, DPL-670-5 and DPL-670-3 for some recent implementations of API keys calling SS