* Tore Anderson via db-wg <[email protected]> [2020-02-21 11:54]: > Hi WG. > > In the LIR Portal, at https://lirportal.ripe.net/api/, it is > possible to issue API keys for use with several different RIPE NCC > services. > > However, it is unfortunately not possible to issue API keys for the > two APIs that are used for database maintenance; Syncupdates and the > RESTful API. The documentation implies that the only authorisation > [sic] method for those APIs is MD5-PW.
Hello,
I would support a modern approach to authorisation with the WEB API.
I don't think it should be bound the LIR portal (as there might be
users who are not an LIR). But some sort of API-friendly
authentication for maintainers would be appreciated, maybe coupled to
SSO user accounts. Just sending the password as an URL parameter is
not really a modern approach, also you would need to change the
maintainer password every time someone leaves the company.
Best Regards
Sebastian
--
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
signature.asc
Description: PGP signature
