The next step, now that we have a good way to get to the user profile page, is to actually store these keys in the database. We're going to stick with a few simple design decisions first:
- Users can have 1 API key
- API keys are not shared
- API keys should just be strings
We will be based on that criteria, just create API keys as strings on the users' table and not worry about creating a separate table that joins to users. If you ever wanted to expand out this system too, for example, allow a user to create multiple API keys, you would want to instead store those in a separate table. You could probably use a table that stores the user ID and the API key to keep it simple, for perhaps make it more complicated ...