Hi,
Seems like a nice idea, but one can still access the API with the user
and password right? So what exactly are we achieving?
On 2024-09-24 09:03, Abhisar Sinha wrote:
Hi All,
I am working on this feature where Root Admin will get the option to
disable Api key/ Secret key based access for a User, Account, or a
Domain.
Api keys are primarily used for automation. It is the primary
authorization mechanism used by automation when password-based access
is not used.
This feature will be useful for Root Admins who may want to block
certain users/accounts from using them. Or the Admin may want to
disable Api key access for the whole domain and allow only for certain
users.
I've created a spec here :
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155
Your comments and suggestions are greatly appreciated.
Thanks,
Abhisar
