Jump to content

Permissions for generating API key


Valentijn Scholten

Recommended Posts

Hi,

 

Some users needs to use an API key with their password lists.

We have set the "Enable the 'Toggle Visibility of Web API IDs' menu for Password List Administrators only (if set to No, users with Modify rights will also have access to this menu):" to No

But the toggle visiblity remains greyed out for users with modify permissions.

I have now given the users admin permission on those list.

This allows them to toggle the visibility of the API key.

However, the API key is set to 'None'. They can access the API key tab in the properties of the list, but the 'Generate API key' button is greyed out.

 

What permissions must a user have to be able to generate an/the API key?

 

It looks like all API keys have to be generated by a Passwordstate system administrator?

 

I'm using build 8165

 

Valentijn

Link to comment
Share on other sites

No. In hindsight it's always easy, but I wasn't expecting a the api settings to spread across multiple pages.

I did try a search for "generate api key" though:

 

image.thumb.png.01fb1670580b25b504cd2973c015d0fe.png

 

Next question I got from the affected user is where they can see the WEB api documentation. Is this governed by the the same setting as generating an api key?

 

image.thumb.png.c733a5f23819c46bda8e04a6710132cd.png

 

 

 

 

Link to comment
Share on other sites

Quote

Next question I got from the affected user is where they can see the WEB api documentation. Is this governed by the the same setting as generating an api key?

 

Would you believe that the API documentation is actually tremendously well done? It hands-down beats the online documentation you guys have been showing in the screenshots!

 

Just visit your PasswordState's API URL, for example: https://passwordstate/api  or https://passwordstate/winapi

 

The same URL you call with API calls also includes the full documentation with code examples! How sweet is that?!

Link to comment
Share on other sites

Thanks, but the question is not where to find the documentation but how users can find it.

Currently the link in the help menu is hidden, even when the user has permission to toggle the API key visibility.

It seems that the visiblity of the menu item is linked to whether the user can generate api keys, where it might seems more logical to link it to the permission of being able to toggle the api key visibility?

 

Also, it only hides the link from the menu. The link still works, so it is not really a security control.

 

There may also be users that may want to consult the api documentation even if they do not _yet_ have permission to use it / see API keys.

 

So my suggestions:

- Make the link to api documentation always visible

- Make the search function in the help section return a pointer to the api documentation in some way.

Link to comment
Share on other sites

10 minutes ago, support said:

Hello Valentijn ,

 

The link in the Help menu is visible to all users by default - you must have changed this in the Feature Access menu in the Administration area?

 

Regards

Click Studios

 

Ah, so there's another setting somewhere controlling this. Thanks for letting me know, again couldn't find it using google, pdf, help search.

Link to comment
Share on other sites

Yup! You will find the menu-bar configuration under Administration > Feature Access > Menu Access.

 

There, you can define permissions for menu-blocks (Tools, Reports, Preferences, Help), but also per-item in each menu-block. In my case, I've set up the menus in such a way that my default users cannot see anything besides the "Request access..."  items in the Passwords menu. All the other options are reserved to administrators and senior users.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...