API Key

On this page

todo:Describe API Key concept

Usage

Client MUST set Private-Token HTTP Request header and set it with proper Key in order to get access to protected API

Roles

datastream API

Access to DataStream

API:Role Description
datastream:administrativedomain ref:administrativedomain datastream <api-datastream-administrativedomain> access
datastream:alarm ref:alarm datastream <api-datastream-alarm> access
datastream:resourcegroup ref:resourcegroup datastream <api-datastream-resourcegroup> access
datastream:managedobject ref:managedobject datastream <api-datastream-managedobject> access
datastream:dnszone ref:dnszone datastream <api-datastream-dnszone> access
datastream:cfgping ref:cfgping datastream <api-datastream-cfgping> access
datastream:cfgsyslog ref:cfgsyslog datastream <api-datastream-cfgsyslog> access
datastream:cfgtrap ref:cfgtrap datastream <api-datastream-cfgtrap> access

NBI API

API:Role | Description
nbi:config | ref:NBI config API <api-nbi-config> access
nbi:configrevisions ref:NBI configrevisions API <api-nbi-configrevisions> access
nbi:objectmetrics ref:NBI objectmetrics API <api-nbi-objectmetrics> access
nbi:path ref:NBI path API <api-nbi-path> access
nbi:telemetry ref:NBI telemetry API <api-nbi-telemetry> access

Best Practices

  • Grant separate API Keys for every connected system
  • Grant separate API Keys for every developer, Restrict key lifetime
  • Grant separate API Keys for every external tester, Restrict key to short lifetime