Skip to content

Jamie Scaife

← Tell Us What You Think

My feedback

1 result found

  1. Permissions management for API Keys

    10 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Feature Requests » Feature Enhancements  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    started  ·  AdminAbe Avila (Senior Product Manager, Mailgun) responded

    Hi All,


    Role-based Access Control for API Keys is a new feature that is currently being developed. This will allow an admin user to create API keys using pre-defined roles which manage what level of access that API key has. Roles to choose from will be Analyst (Basic), Support, Developer, and Admin. This feature should be released in Q2 2024. 

    An error occurred while saving the comment
    Jamie Scaife commented  · 

    Security Feature:

    It should be possible to restrict the call types that your API key is able to make in order to reduce the impact of a leaked/breached key.

    For example, if my API key is accidentally exposed, an attacker could then go on to exfiltrate data from my account.

    If it were possible to lock down your API key so that it can only make certain call types, the impact of such a breach would be drastically reduced.

    For example, I could lock down my key so that it is only permitted to add/send emails to a particular mailing list. If the key were to be breached, the attacker would only have limited access, hopefully preventing a full-scale breach.

    Jamie Scaife supported this idea  · 

Feedback and Knowledge Base

(thinking…)