backgroundbackground

API Key permissions

API key permissions define the specific access levels and capabilities granted to an API key. They control exactly what parts of an application's functionality or data the key can interact with.
background

API Key Permissions specify the precise authorization levels and functions of an API key. They determine which aspects of an application's data or functionality the key is allowed to access. When establishing an API key, system administrators allocate particular scopes or permissions that restrict access to certain endpoints and features.

When configuring permissions for an API key, administrators may choose from several access tiers:

  • No Access: Prevents the API key from interacting with any endpoints within the designated permission scope.
  • Read Access: Allows the API key to conduct GET requests, enabling it to obtain data without altering it.
  • Full Access: Permits the API key to perform GET, PATCH, PUT, DELETE, and POST requests, offering complete control over the specified scope.
  • Create, generate, and deactivate API keys.
  • Configure permissions for individual API keys to maintain data security.
  • Include subscriptions and modify billing information.
  • Oversee users and possess complete access to Customer Portal administrative capabilities.
  • Access the Customer Portal.
  • Monitor account usage and observe metrics.
  • Restricted API key management abilities in comparison to Admins.
  • Generate New API Keys: Establish multiple API keys.
  • Deactivate API Keys: Suspend keys.
  • Set Permissions: Establish permissions for each API key.
  • Granular Control of API Permissions: Allocate specific scopes and permissions to API keys to uphold Zero Trust and Least Privilege principles, reducing security vulnerabilities and blocking unauthorized access.
  • Implement Role-Based Access Control (RBAC): Employ RBAC to ensure users receive appropriate roles, such as Admin or User, according to their duties, sustaining proper access levels throughout the organization.
  • Adhere to Best Practices: Consistently review and rotate API keys, separate keys for distinct functionalities, and implement meaningful naming conventions to sustain a strong security stance and efficient access management.
  • Effectively Manage Access Levels and Authentication Methods: Select suitable access levels like No Access, Read Access, or Full Access for individual API keys, and utilize additional authentication methods to strengthen security and control over API interactions.