Hi Tore, WG,

I really do not see any benefits or reasons why we should change the API key system for the DB. Maybe I am missing something that you can elaborate on.

Additionally if this was to replace the existing system it would just make it unavailable for non-LIRs (such as orgs with PI resources) without any real reason.

- Cynthia

On Fri, Feb 21, 2020 at 11:54 AM Tore Anderson via db-wg <[email protected]> wrote:

> Hi WG.
>
> In the LIR Portal, at https://lirportal.ripe.net/api/, it is possible to
> issue API keys for use with several different RIPE NCC services.
>
> However, it is unfortunately not possible to issue API keys for the two
> APIs that are used for database maintenance; Syncupdates and the RESTful
> API. The documentation implies that the only authorisation [sic] method for
> those APIs is MD5-PW.
>
> I propose that the API keys mechanism is extended to Syncupdates and the
> RESTful API.
>
> The already existing default maintainer concept could be leveraged to
> accomplish this (similar to how NWI-8 was implemented). That is, using
> Syncupdates or the RESTful API with API keys will simply authenticate the
> client as the LIR's default maintainer.
>
> Authorisation should remain handled by in-band mnt-* object attributes, as
> is currently the case.
>
> It would be an acceptable limitation that API keys for database
> maintenance are unavailable for LIRs without a default maintainer.
>
> Assuming the WG agrees that this is a good idea, I request an NWI.
>
> Tore
