• Categories
  • Recent
  • Tags
  • Popular
  • Solved
  • Unsolved
  • Users
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Darkly)
  • No Skin
Collapse
brainCloud Forums

MyServers Permission

Scheduled Pinned Locked Moved Unsolved General
3 Posts 2 Posters 17 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N Offline
    N Offline
    noah
    wrote last edited by
    #1

    hi.

    customers require access control for API Keys.
    A feature is needed to restrict the range of APIs that can be called on an API Key basis.
    In MyServers, there is no way to handle this other than using IP addresses.

    1 Reply Last reply
    0
  • Paul WinterhalderP Offline
    Paul WinterhalderP Offline
    Paul Winterhalder brainCloudAdmin
    wrote last edited by
    #2

    Hi @noah,

    I agree that this would be a good feature.

    I've been doing some thinking on it...

    What if we could restrict an S2S server to only being able to call a specific set of scripts? That way you would be in full control as to the scope of the API that you are making available.

    Would that work for your use case?

    Paul.

    1 Reply Last reply
    0
  • N Offline
    N Offline
    noah
    wrote last edited by
    #3

    hi. @Paul-Winterhalder
    yes, permissions to call specific scripts and access control for Services and Operations regarding the generally provided functions are required.
    For example, there may be management tools that call specific scripts and use certain functions (CloudData...),
    and there may be administrators who only manage items.
    If possible, each API Key should be a function with permissions tailored to the situation.

    Let me give you an example. A company utilizes a mix of office and remote work. While the internal network can be protected to some extent by IP ranges, it is difficult to identify specific IPs because multiple operators work from home. Therefore, it is currently somewhat difficult to handle this situation using only IPs.

    1 Reply Last reply
    0

  • Login
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Solved
  • Unsolved
  • Users