0

AIO API key management suggestion
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

AIO API key management suggestion

by dogboy on Sun Dec 06, 2015 10:37 pm

It would be useful to have multiple API keys. A typical pattern which might work well with AIO would be to have a pair of keys for each feed, one with read+write access and one with read only access to the feed. These feed keys would grant no other rights. The read key could be safely shared for feeds that are public. For MQTT read would mean subscribe and write would mean publish.

The current single key could become a master API key which would grant rights to do anything the user can do (as it currently does).

The Settings section of AIO already uses plural to refer to keys so perhaps this is something already being considered.

(Happy to log in GH issues if that's preferred, started here as the forums are pretty active and the GH issue threads less so)

dogboy
 
Posts: 4
Joined: Sun Dec 11, 2011 10:28 am

Re: AIO API key management suggestion

by jwcooper on Fri Dec 11, 2015 2:52 pm

Thank you for the suggestion.

Our back-end supports this right now, and your current key is indeed the master key. We just don't have the UI built out for it yet.

It's mostly just a matter of time until we can design and build the front-end and test the api for supporting multiple keys at the user, feed, and group scopes.

jwcooper
 
Posts: 666
Joined: Tue May 01, 2012 9:08 pm

Please be positive and constructive with your questions and comments.