Limit API Key scope #610

Open
1 task done
jpmeijers opened this issue Jan 8, 2024 · 0 comments

@jpmeijers

  • I have searched the issues of this repository and believe that this is not a duplicate.

Summary

Currently an API Key has access to everything under a tenant or ChirpStack instance. I want to limit the API key's scope to only allow certain API calls.

What is the use-case?

Security best practices dictate that clients (services) should have the least amount of access - only access to what is needed.

For example, I want to create a service that is only interested in the ListGatewaysRequest RPC, and for security I do not want this service to also manage Applications and Devices. Maybe I even want to give the API Key to a third party, and only allow them to see data for gateways and not applications or devices.

Implementation description

When creating an API Key, allow choosing the scopes that this Key will have access to.

Can you implement this by yourself and make a pull request?

No
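
A sketch of the kind of check the request above implies, added here as an illustration; it is not part of the original issue and not ChirpStack code. The scope names, the `ApiKey` and `Authorizer` types, the tenant names and the gRPC method paths are all assumptions made for the example.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical scope names, invented for this example.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
enum Scope { GatewayRead, GatewayWrite, DeviceRead }

#[derive(Debug, PartialEq, Eq)]
enum Decision { Allow, Deny(&'static str) }

// tenant_id = None models an instance-wide key, Some(..) a tenant-bound key.
struct ApiKey { tenant_id: Option<String>, scopes: HashSet<Scope> }

struct Authorizer { required: HashMap<&'static str, Scope> }

impl Authorizer {
    fn new() -> Self {
        // Assumed method paths in gRPC's "/package.Service/Method" form.
        Self { required: HashMap::from([
            ("/api.GatewayService/List", Scope::GatewayRead),
            ("/api.GatewayService/Delete", Scope::GatewayWrite),
            ("/api.DeviceService/List", Scope::DeviceRead),
        ]) }
    }

    // Called once per request, before the RPC handler runs.
    fn check(&self, key: &ApiKey, method: &str, tenant: &str) -> Decision {
        if let Some(bound) = &key.tenant_id {
            if bound.as_str() != tenant {
                return Decision::Deny("key is bound to another tenant");
            }
        }
        match self.required.get(method) {
            // Deny by default: an RPC added later is not exposed to old keys.
            None => Decision::Deny("method has no scope mapping"),
            Some(s) if key.scopes.contains(s) => Decision::Allow,
            Some(_) => Decision::Deny("scope not granted to this key"),
        }
    }
}

fn main() {
    let authz = Authorizer::new();
    // Constructed sample: a third-party key that may only list gateways.
    let key = ApiKey {
        tenant_id: Some("tenant-a".to_string()),
        scopes: HashSet::from([Scope::GatewayRead]),
    };
    for m in ["/api.GatewayService/List", "/api.GatewayService/Delete", "/api.DeviceService/List"] {
        println!("{m}: {:?}", authz.check(&key, m, "tenant-a"));
    }
}
```
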
