Jump to content

User-based API Keys

Recommended Posts

It would be greatly beneficial to have more flexibility with API keys, specifically the ability to grant users one or more API keys that could expire, be RW or RO, and possibly named.


The attached screenshot is from an IP Address tracking system named "Netbox." In my opinion, it has a fantastic API setup with all of the options I mentioned above. The API key is passed with the REST request in the Authorization HTTP header.



Link to comment
Share on other sites

Hi Ben,


Thanks very much for your request.


We assume our Windows Integrated version of the API is not appropriate for you, as this does not require API Keys, and gives the user the exact same permissions as per when they are logged into the UI?


Click Studios

Link to comment
Share on other sites

Correct, we have automated systems not capable of using the WinApi, and global API keys are not appropriate for our security policy. If a single key were compromised in any way, then we would need to touch every system that was using it... rather than simply revoke/generate a single key for a single service.

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...