Management API v3 Keys
Management API v3 keys overview
In the StatusHub Control Panel, each Team Member can generate and manage up to 10 API keys for the StatusHub Management API.
Each key can be rotated independently if security reasons require it, or removed when it is no longer needed.
Depending on the use case and the user's needs, several setups are possible:
Basic setup with one key
In the basic case, where a user wants to interact with the StatusHub Management API from a single application or script, one API key can be enough.
Such a key has exactly the same role and permissions as the user, so if an action is permitted in the StatusHub Control Panel, it is also permitted via the API. Similarly, if the user is not allowed to perform certain actions in the StatusHub Control Panel, the same actions through the API will also be rejected.
If, for example, the key has been exposed, or a security policy requires it to be changed, the user can change the key with the "Reset API Key" action.
Multiple API keys
If a user plans to use API keys in multiple applications or scripts, it is advised to use a separate API key for each application.
This way, if one of the applications is compromised, rotating the key for that application will not impact the others. Similarly, if an application is no longer needed, its API key can be removed without affecting other applications.
Currently up to 10 keys can be created for each Team Member, which means that each User can create up to 10 API keys in each account.
Multiple API keys with limit role
For more advanced scenarios, security reasons may call for an API key whose role is lower than the Team Member's role.
For example, if a Team Member is an Admin on a Hub and plans to use the API key only to read data from that Hub, it is more secure to limit the role of the API key to read-only operations: if the key is compromised or otherwise leaked, an attacker will not be able to modify any data in StatusHub, because the key's role is read-only.
Without the role limit, anyone with access to the key has the same permissions as the Team Member, which in this example means Admin rights.
Effective role of an API key
By default, each API key has the same permissions as the Team Member who owns it.
Example A:
Permissions table for API key without limit role.
| Hub | Team Member role | Effective API key role |
| Hub A | No access | No access |
| Hub B | Admin | Admin |
| Hub C | Editor | Editor |
However, if the key has a limit role set, the effective permissions might be different.
Example B:
Permissions table for API key with "Manager" limit role.
| Hub | Team Member role | Effective API key role |
| Hub A | No access | No access |
| Hub B | Admin | Manager |
| Hub C | Editor | Editor |
Another example, for an API key with the Editor role:
Example C:
Permissions table for API key with "Editor" limit role.
| Hub | Team Member role | Effective API key role |
| Hub A | No access | No access |
| Hub B | Admin | Editor |
| Hub C | Editor | Editor |
Because one Team Member can have access to multiple Hubs in one account, and the roles of a Team Member are subject to change, the role limit dropdown always shows all possible roles, regardless of the Team Member's current roles.
However, the effective API key role can never exceed the role of the Team Member.
Consider the following example, based on Example B:
Permissions table for API key with "Manager" limit role.
| Hub | Team Member role | Effective API key role |
| Hub A | No access | No access |
| Hub B | Editor | Editor |
| Hub C | Editor | Editor |
Even though the API key limit role was set to Manager, the effective API key role is limited to Editor because that is the Team Member's role for that Hub. The same would happen if the API key role limit was set to the Admin role:
Permissions table for API key with "Admin" limit role.
| Hub | Team Member role | Effective API key role |
| Hub A | No access | No access |
| Hub B | Admin | Editor |
| Hub C | Editor | Editor |
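The rule that the effective role is the lower of the Team Member role and the limit role, reproduced for Examples A to C and the Manager-limit variant, as an added example that is not StatusHub code and does not call the StatusHub API. The role ordering (Admin above Manager above Editor above No access) is an assumption inferred from the tables, and `overprivileged_hubs` is a hypothetical least-privilege check.

```python
# Added example: a local model of the rule described on this page.
# Role names come from the tables; their ordering is an assumption inferred from them.
ROLE_RANK = {"No access": 0, "Editor": 1, "Manager": 2, "Admin": 3}


def effective_role(member_role, limit_role=None):
    """Effective key role on one Hub: the lower of member role and limit role."""
    if limit_role is None:  # a key without a limit role inherits the member role
        return member_role
    return min(member_role, limit_role, key=ROLE_RANK.__getitem__)


def effective_roles(member_roles, limit_role=None):
    """Map each Hub to the key's effective role."""
    return {hub: effective_role(role, limit_role) for hub, role in member_roles.items()}


def overprivileged_hubs(member_roles, limit_role, needed_role):
    """Hubs where the key can do more than the application needs (hypothetical audit)."""
    need = ROLE_RANK[needed_role]
    return sorted(
        hub for hub, role in effective_roles(member_roles, limit_role).items()
        if ROLE_RANK[role] > need
    )


# Constructed sample data matching the Team Member roles in Examples A to C.
MEMBER = {"Hub A": "No access", "Hub B": "Admin", "Hub C": "Editor"}

if __name__ == "__main__":
    for limit in (None, "Manager", "Editor"):
        print(limit, effective_roles(MEMBER, limit))
    # Member demoted to Editor on Hub B: a Manager limit no longer changes anything.
    demoted = dict(MEMBER, **{"Hub B": "Editor"})
    print(effective_roles(demoted, "Manager"))
    # An integration that only needs Editor rights, audited without and with a limit.
    print(overprivileged_hubs(MEMBER, None, "Editor"))
    print(overprivileged_hubs(MEMBER, "Editor", "Editor"))
```

Because the limit is evaluated against the Team Member's current role on each Hub, re-run such a check whenever a member's roles change.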