That's right. This will be useful for cases where 3rd Party authentication mechanisms are used instead of username-password based.
Thanks, Abhisar ________________________________ From: Nux <n...@li.nux.ro> Sent: Wednesday, September 25, 2024 5:02 AM To: us...@cloudstack.apache.org <us...@cloudstack.apache.org> Cc: dev@cloudstack.apache.org <dev@cloudstack.apache.org> Subject: Re: [Proposal] Disable API (apikey/secret-key) for users, accounts and domains Hi, Seems like a nice idea, but one can still access the API with the user and password right? So what exactly are we achieving? On 2024-09-24 09:03, Abhisar Sinha wrote: > Hi All, > > I am working on this feature where Root Admin will get the option to > disable Api key/ Secret key based access for a User, Account, or a > Domain. > Api keys are primarily used for automation. It is the primary > authorization mechanism used by automation when password-based access > is not used. > This feature will be useful for Root Admins who may want to block > certain users/accounts from using them. Or the Admin may want to > disable Api key access for the whole domain and allow only for certain > users. > > I've created a spec here : > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155 > Your comments and suggestions are greatly appreciated. > > Thanks, > Abhisar