
Access rights of API keys

Open ad-m opened this issue 5 years ago • 2 comments

Hi,

We are at the stage of choosing CAT software for our organization. In our organization we have a distributed system working in the architecture of microservices.

When launching the application, we intend to dynamically load translations to facilitate their updating process.

In this case, we see that the use of one API key for one project may not be sufficient, in particular if the API key has write access. This leads to a high risk for systems, as the compromise of one node leads to the compromise of many service instances.

Are there plans in this regard? If not, what are the recommended solutions for this use case?

Yours sincerely,

ad-m, May 04 '20 15:05

No short-term plan, but this is an interesting feature to add on our pretty basic implementation of API keys. Since the API keys are implemented as a normal user (with a bot flag), it will be easy to add API Keys management in the app.

simonprev, May 05 '20 00:05

Is there an option at the API level to create additional user accounts with the bot flag to verify this approach before it is finally implemented?

ad-m, May 05 '20 04:05