User responsibilities in API key management
0% complete
Understand the capabilities and privileges of regular users, project managers, and subscription admins. Learn how each role interacts with API keys, the permissions they carry, and the responsibilities they hold.
Understand user responsibilities
Clearly defined roles and responsibilities in any system help each stakeholder understand their part in safeguarding. Awareness of these duties helps prevent unauthorized access and misuse of API keys, which might lead to data breaches and other security incidents.Regular users
A regular user has limited access to a project and its environment. They can have access to multiple environments or just a single one. By default, regular users cannot create API keys nor manage them. If regular users are given the Create a personal API key permission, they can create their own Personal API key. This way, they can automate their job and create custom integrations. However, keep in mind that the Personal API key mimics their own permissions. The API key won’t let them do more than what they already can. Regular users have no privileged access and could have limited capabilities depending on their role. If a regular user needs to create independent integration, they need to ask their project manager to share a Delivery or Management API key. Such API key should be created specifically for the purpose of the integration.Project managers
Project managers have access to the content and settings of all environments under a project. They’re responsible for creating new API keys and can share the API keys with regular users. For example, they can share a Management API key with a developer who needs to integrate a new service. Project managers can:- Activate and deactivate secure access for Deliver API.
- Activate and deactivate Management API.
- Access the Delivery API keys and Management API keys that have their own identity and are not restricted by the owner’s access.
- Access the API key overviews to perform regular access reviews.
- Regenerate a valid API key that’s close to its expiration date.
- Revoke any API key in case of a leak.
Subscription admins
Sign in with your Kontent.ai credentials or sign up for free to unlock the full lesson, track your progress, and access exclusive expert insights and tips!