docq icon indicating copy to clipboard operation
docq copied to clipboard
verified publisher icon docqai

CORE: API Key based authentication

Open janaka opened this issue 1 year ago • 0 comments

Current

The Web API only supports JWT token authentication based on user authentication. There's limited support for scenarios where a client app needs access the API without a user context (i.e. machine to machine). The main use case is for public access functionality such as bots/assistants/help docs Q&A.

Solution

We want to enable org admins to generate and mange API key.

  • Generate key
  • Give the key a name
  • choose expiry options ['1day', 7days, 30days, never expire]
  • delete a key (to revoke)
  • able to generate multiple keys
  • initially full scopes but in the future ability to limit scope.

janaka avatar Feb 26 '24 22:02 janaka