Expanding programmatic API access with permission-scoped keys

By Brad Higgins on

Graphic of repeating old-fashioned keys laid out diagonally against a bright yellow background

API keys with more permissions and more capabilities

You may now create API keys in Defined Networking’s admin panel to perform more tasks, such as programmatically retrieving audit logs or retrieving a list of the hosts added to your network. Each API key can also be limited by you to perform only the required operations.

Security is job 1

The security of our customers is always top of mind at Defined Networking. When designing new features into our product, we carefully consider the security of the feature we’re building. We also do our best to ensure our product features discourage their use in ways that might go unexpectedly wrong. This security-focused design and engineering mindset influences everything we do, such as the capabilities of the first API keys we introduced into the product.

The history

Defined Networking introduced API keys back in April of 2022, which enabled customers to programmatically add or remove hosts. Even though we built an API-first backend which exposes complete functionality to our web-based admin panel, we consciously chose to limit API keys to only host creation and deletion actions. Applying the principle of least privilege, we wanted to avoid building a product that encouraged users to create keys that can perform every possible action when only a single operation was desired.

What’s new

With this update, Defined Networking is introducing permission scopes associated with API keys. With permission-scoped keys, we’re also opening access to more API endpoints. Existing API keys are granted the permissions required to add, enroll and delete hosts that they already implicitly had. New permissions can be added to those existing API keys, or new API keys can be created that only allow access to specific actions.

A screenshot of the Defined Networking web admin panel showing the new API key form, with a field for name, and checkboxes for permission scopes like “hosts:create” and “hosts:read”

You can now create an API key to poll Defined Networking for audit logs, list the hosts on your network, create new roles, or edit firewall rules. We encourage you to limit your keys to only the privileges required for the task at hand, to minimize the risk to your network in the case of a lost key.

Check out the docs for details

For a complete overview of our API keys, permissions, and API’s now available for programmatic access, take a look at our documentation.

Nebula, but easier

Take the hassle out of managing your private network with Defined Networking, built by the creators of Nebula.

Get started