Implement API-Key-based authorization
We need to gate our APIs behind authorization to prevent global access and potential related attacks. API-key-based auth is the initial implementation we are considering, for simplicity.
Once we have permissions attached to all API actions (including CGA, CGL and the SDK), we can start creating API keys that contain these permission relationships.
For a preliminary implementation in S3 we should have an API endpoint in CGA (REST) that we can use to create these keys for our users. The permission for creating API keys should be bound to team members only (we can hard-code this for now).
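A minimal sketch of the flow described above, as an added example rather than code from this project: keys are created only by a hard-coded set of team members, carry the set of actions they permit, and are stored only as SHA-256 digests. The names (`TEAM_MEMBERS`, `create_api_key`, `authorize`, `revoke`), the in-memory store and the action strings are assumptions for illustration.

```python
import hashlib
import secrets

# Assumption: hard-coded allowlist of team members who may create keys.
TEAM_MEMBERS = {"alice@example.com"}  # constructed sample value

# Assumption: in-memory store standing in for a database table.
# Maps sha256(raw key) -> record, so the raw key is never persisted.
KEY_STORE = {}


def digest(raw_key: str) -> str:
    # A plain SHA-256 is adequate here because the key is 256 bits of
    # random data, not a human-chosen password.
    return hashlib.sha256(raw_key.encode()).hexdigest()


def create_api_key(requester: str, owner: str, permissions) -> str:
    """Issue a key for `owner`. Only team members may call this."""
    if requester not in TEAM_MEMBERS:
        raise PermissionError("only team members may create API keys")
    raw_key = "key_" + secrets.token_urlsafe(32)
    KEY_STORE[digest(raw_key)] = {
        "owner": owner,
        "permissions": frozenset(permissions),
        "revoked": False,
    }
    return raw_key  # returned once to the caller; cannot be recovered later


def authorize(raw_key, action: str) -> bool:
    """True only if the key is known, not revoked, and permits `action`."""
    if not raw_key:
        return False  # missing key: deny by default
    record = KEY_STORE.get(digest(raw_key))
    if record is None or record["revoked"]:
        return False
    return action in record["permissions"]


def revoke(raw_key: str) -> None:
    """Mark a key as revoked so later authorize() calls fail."""
    record = KEY_STORE.get(digest(raw_key))
    if record is not None:
        record["revoked"] = True
```

Every API action handler would call `authorize` with the presented key and its own action name before doing any work, so an action with no matching permission is denied by default.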