API keys security

Question

API keys security

Monter opened this issue 10 years ago · 3 comments

Security: Your tool uses Master API key (you can edit and delete) instead of the Monitor-Specific API (read only) keys.
Master key returns all monitored objects, the transition to the Monitor-Specific keys requires the addition of each key separately. This makes it easier to decide which monitored objects you want to show.

Answer 1 · 2015-04-24T14:07:19.000Z

That would be a real pain to add 15+ keys

Answer 2 · 2015-04-24T14:42:25.000Z

Security is irrelevant...?

Answer 3 · 2015-04-24T15:32:59.000Z

No, but since the api key is kept serverside via a PHP variable it is very unlikely that anybody would be able to get it unless they had access to the files. If you make a pull request using Monitor-Specific keys ill gladly accept it!