core: implement API key authentication for vendors

## Problem
Vendors need a programmatic way to integrate with
StepFi. Wallet-based JWT auth is not practical for
server-to-server communication.

## What To Build

1. Create api_keys table in Supabase
2. CRUD endpoints for API key management
3. ApiKeyGuard for vendor endpoints

## Files To Touch
- src/auth/guards/api-key.guard.ts (new)
- src/modules/vendors/vendors.controller.ts
- src/modules/vendors/vendors.service.ts
- supabase/migrations/[ts]_api_keys.sql

## Acceptance Criteria
- [ ] API key generated and returned once
- [ ] Only hash stored in database
- [ ] ApiKeyGuard correctly authenticates
- [ ] Permissions enforced per key
- [ ] npm run build passes

## Mandatory Checks Before PR
- [ ] npm run build passes
- [ ] No any types
- [ ] Unit tests for ApiKeyGuard
- [ ] PR references this issue

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

core: implement API key authentication for vendors #34

Problem

What To Build

Files To Touch

Acceptance Criteria

Mandatory Checks Before PR

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

core: implement API key authentication for vendors #34

Description

Problem

What To Build

Files To Touch

Acceptance Criteria

Mandatory Checks Before PR

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions