namespace ZB.MOM.WW.MxGateway.Server.Security.Authentication;
public interface IApiKeyAdminStore
{
///
/// Creates a new API key asynchronously.
///
/// API key creation request.
/// Cancellation token.
/// Completed task.
Task CreateAsync(ApiKeyCreateRequest request, CancellationToken cancellationToken);
///
/// Lists all API keys asynchronously.
///
/// Cancellation token.
/// List of API key records.
Task> ListAsync(CancellationToken cancellationToken);
///
/// Revokes an API key asynchronously.
///
/// Key identifier.
/// Revocation timestamp.
/// Cancellation token.
/// True if revoked; otherwise false.
Task RevokeAsync(string keyId, DateTimeOffset revokedUtc, CancellationToken cancellationToken);
///
/// Rotates an API key secret asynchronously.
///
/// Key identifier.
/// New secret hash.
/// Rotation timestamp.
/// Cancellation token.
/// True if rotated; otherwise false.
Task RotateAsync(
string keyId,
byte[] secretHash,
DateTimeOffset rotatedUtc,
CancellationToken cancellationToken);
///
/// Permanently deletes an API key, but only if it is already revoked. Active keys are
/// untouched (returns false) so an admin cannot delete a working credential without
/// first revoking it — that preserves the audit trail and forces the revoke event to
/// land in the audit log before the row disappears.
///
/// Key identifier.
/// Cancellation token.
/// True if a revoked key was deleted; false if the key is missing or active.
Task DeleteAsync(string keyId, CancellationToken cancellationToken);
}