Jamie Scaife
10 votes
Hi All,
Role-based Access Control for API Keys is a new feature that is currently being developed. This will allow an admin user to create API keys using pre-defined roles which manage what level of access that API key has. Roles to choose from will be Analyst (Basic), Support, Developer, and Admin. This feature should be released in Q2 2024.
Jamie Scaife supported this idea
Security Feature:
It should be possible to restrict the call types that your API key is able to make in order to reduce the impact of a leaked/breached key.
For example, if my API key is accidentally exposed, an attacker could then go on to exfiltrate data from my account.
If it were possible to lock down your API key so that it can only make certain call types, the impact of such a breach would be drastically reduced.
For example, I could lock down my key so that it is only permitted to add/send emails to a particular mailing list. If the key were to be breached, the attacker would only have limited access, hopefully preventing a full-scale breach.