Ben Claussen Posted February 26 Share Posted February 26 It would be greatly beneficial to have more flexibility with API keys, specifically the ability to grant users one or more API keys that could expire, be RW or RO, and possibly named. The attached screenshot is from an IP Address tracking system named "Netbox." In my opinion, it has a fantastic API setup with all of the options I mentioned above. The API key is passed with the REST request in the Authorization HTTP header. Link to comment Share on other sites More sharing options...
support Posted February 26 Share Posted February 26 Hi Ben, Thanks very much for your request. We assume our Windows Integrated version of the API is not appropriate for you, as this does not require API Keys, and gives the user the exact same permissions as per when they are logged into the UI? Regards Click Studios Link to comment Share on other sites More sharing options...
Ben Claussen Posted February 27 Author Share Posted February 27 Correct, we have automated systems not capable of using the WinApi, and global API keys are not appropriate for our security policy. If a single key were compromised in any way, then we would need to touch every system that was using it... rather than simply revoke/generate a single key for a single service. Link to comment Share on other sites More sharing options...
Mordecai Posted March 7 Share Posted March 7 +1 Ben Claussen 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now