Skip to content
← Ideas and Feedback

Have an idea for a new feature?

Ideas and Feedback: Security

Categories

(thinking…)

Multiple api keys per account

Huge security risk to only have a singly read/write API key - I see there are suggestions for separate read/write one but realistically we should be generating keys per app and have the option to limit the scope to specific features or customers.

The API key gets transferred in the clear on PowerShell scripts to a customer device - so there really needs to be some improvements in this area.

54 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Matt Hardwick shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Lee Jones commented  ·   ·  Report

    This has been open since 2022 with no pickup? That's alarming.

  • Stephen Schillinger commented  ·   ·  Report

    I would also like to see this.
    Seems like a no brainer security feature that all of the other players have.

  • D 1 commented  ·   ·  Report

    Also of concern is that there are no permissions that can be set for the API Key and expiry dates of API keys.
    If multiple API Keys are able to be created, then permissions/roles of those API Keys would be good to have.
    For example...a API Key could be configured to only have read access to Assets, but not Tickets.

  • Matt Hardwick commented  ·   ·  Report

    *We need the option to create per app/per customer API keys.*

    There are talks here of having separate read/write API keys but it needs to go one further. We need the option to create multiple keys and define the scope, limiting the features available and/or per customer. Currently keys are transferred in the to customer devices when used in a script, and thus pose a security risk.