User responsibilities in API key management

Daniel Filakovsky, Jan Cerman

2 minutes

0% complete

Understand the capabilities and privileges of regular users, project managers, and subscription admins. Learn how each role interacts with API keys, the permissions they carry, and the responsibilities they hold.

Clearly defined roles and responsibilities in any system help each stakeholder understand their part in safeguarding. Awareness of these duties helps prevent unauthorized access and misuse of API keys, which might lead to data breaches and other security incidents. A regular user has limited access to a project and its environment. They can have access to multiple environments or just a single one. By default, regular users cannot create API keys nor manage them. If regular users are given the Create a personal API key permission, they can create their own Personal API key. This way, they can automate their job and create custom integrations. However, keep in mind that the Personal API key mimics their own permissions. The API key won’t let them do more than what they already can. Regular users have no privileged access and could have limited capabilities depending on their role. If a regular user needs to create independent integration, they need to ask their project manager to share a Delivery or Management API key. Such API key should be created specifically for the purpose of the integration. Project managers have access to the content and settings of all environments under a project. They’re responsible for creating new API keys and can share the API keys with regular users. For example, they can share a Management API key with a developer who needs to integrate a new service.

Project managers can:

Activate and deactivate secure access for Deliver API.
Activate and deactivate Management API.
Access the Delivery API keys and Management API keys that have their own identity and are not restricted by the owner’s access.
Access the API key overviews to perform regular access reviews.
Regenerate a valid API key that’s close to its expiration date.
Revoke any API key in case of a leak.

A subscription administrator can do the same things as a project manager. As long as a user is a subscription admin, they automatically become a project manager in all projects under a subscription.Subscription admins are the only ones with access to the Subscription API and the Subscription API key, which provides unlimited access to all projects within a subscription. Thanks to that, they can deactivate or activate users on the subscription level across all projects at once.

Sign in

Understand user responsibilities

Regular users

Project managers

Subscription admins

Understand user responsibilities

Regular users

Project managers

Subscription admins

Sign in with your Kontent.ai credentials or sign up for free to unlock the full lesson, track your progress, and access exclusive expert insights and tips!