Details

    • Story
    • Resolution: Duplicate
    • Neutral
    • None
    • None
    • None
    • None

    Description

      As a Developer, I can create API token which will then be used by external software to access the REST endpoints (Delivery, nodes, properties, GraphQL).

      (API Key, Access Token)

      Capabilities:

      • An API token can control which endpoints can be accessed.
      • A GUI to manage tokens: Create, List and Revoke
      • User or Administrator can deactivate a token, then no REST requests using it will work.
      • The current user based authentication continues to work. If a request is made with no token, then the current security practices apply.

       

      Notes:

      Behind the scenes, keys might be implemented via standard magnolia security concepts. We should implement the API token concept because it is an established best practice in web world for API's.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                czimmermann Christopher Zimmermann
                Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoD