* Gunnar Guðvarðarson via db-wg

> My main issue with API Keys is them being attached to SSO accounts. What 
> about when the employee leaves the company?
> He gets removed from auth on the mntner, all the apps he set up break? Making
> admins hesitant about removing user access.
> 
> API access needs to be bound to the mntner in some form imho.

Agreed. Well, one does not need to rule out the other - it ought to be possible 
to support both personal API keys (bound to an SSO account) and impersonal API 
keys (bound to an LIR and/or mntner).

For what it is worth, the current API keys implementation *appears* to be 
impersonal, i.e., my colleague can see the API keys I created and vice versa.

However, we can also see who created the keys in the first place. I did not 
test to see if all keys created by a specific user account would be removed if 
that user account is deleted or removed from the LIR account.

Tore
