"Read-only" API key idea #196
Comments
|
Hmmm, thinking that through more, we'd probably still need to ensure that "read only" API keys are limited to a single database. The use case is things like: For that kind of scenario, the API key shouldn't have access to do things like "get a list of all databases, including private ones", "read the data of (other) private databases", etc. So, limiting them to a single database seems like the right approach. |
|
Justin "I want to embed an API key in my serverless application, which reads [stuff] from database XYZ." is exactly my use case so.... yes please. M |
|
I tried to work around this by sharing a database with a second user with "read-only-access", and then using an API key from the second user. That didn't work. |
|
Ahhh. Yeah, this is still on the ToDo list (development has picked up again recently). @MKleusberg This is another potential thing you could look at. It has a need for React stuff too, if that's good. 😄 |
|
This has finally been implemented in a59f8dc now. |
|
Cool. I'm about to hit the sack here, but tomorrow I'll put time into reviewing and testing the change then potentially deploy it to production. 😄 |
@chrisjlocke mentioned that having "read-only" api keys would be useful.
There's an outstanding task to do fairly fine grained API keys, but that's going to take some time.
It would be pretty easy to implement read-only API keys (not fine grained) in the meantime.
eg "if the caller uses this API key, they can only query stuff"
The text was updated successfully, but these errors were encountered: