Skip to content

What feedback do you have for our email service?

← General Feedback

API Key Permissions/Restrictions to Reduce the Impact of a Leaked Key

Security Feature:

It should be possible to restrict the call types that your API key is able to make in order to reduce the impact of a leaked/breached key.

For example, if my API key is accidentally exposed, an attacker could then go on to exfiltrate data from my account.

If it were possible to lock down your API key so that it can only make certain call types, the impact of such a breach would be drastically reduced.

For example, I could lock down my key so that it is only permitted to add/send emails to a particular mailing list. If the key were to be breached, the attacker would only have limited access, hopefully preventing a full-scale breach.

6 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jamie Scaife shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

General Feedback: Security

Categories

Feedback and Knowledge Base

(thinking…)