Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document the scope of API Keys #42

Closed
zaanposni opened this issue Sep 15, 2023 · 4 comments · Fixed by #253
Closed

Document the scope of API Keys #42

zaanposni opened this issue Sep 15, 2023 · 4 comments · Fixed by #253
Assignees
@h4l-yup

Comments

@zaanposni
Copy link
Contributor

zaanposni commented Sep 15, 2023
edited
Loading

I created an API key to test some stuff in postman and noticed that not all endpoints are actually allowing authentication via API keys.

{
    "statusCode": 401,
    "message": "Invalid jwt",
    "error": "Unauthorized",
    "path": "/api/projects/1/channels/"
}

Since you create those API keys in the project scope, I felt like this would be a logical step.

If this is not intended by you, I would suggest to document this and add a warning/info field in the client.
@h4l-yup h4l-yup self-assigned this Sep 15, 2023
@h4l-yup
Copy link
Contributor

h4l-yup commented Sep 15, 2023

@zaanposni

There are two types of API keys and two types of API endpoints, so it might confuse you.

First type of API endpoint is 'opened' API endpoint.
There is only one endpoint for this type so far, 'creating a feedback' which must be able to be called from other applications.
Therefore it needs the 'API KEY' which I think you made.

Second type of API endpoint is just for user feedback front-end web site.
This type of endpoints use jwt internally and it can be made by 'sign in' API.
With this jwt token, you can call all the other endpoints.

@h4l-yup
Copy link
Contributor

h4l-yup commented Sep 15, 2023

As we do not have 'creating project' and 'creating channel' features in front page right now, you should get the jwt token from the signed in front web page and use it to create project and channel.

Sorry for inconvenience.

@zaanposni
Copy link
Contributor Author

Yes I was talking about the first type of keys.

My point is that the API Key Managment page in the frontend just seems like a normal API Key page that you can find in all kind of applications. So I thought that this API Key has admin access (or a similar role) to the whole project.

It just feels like that you are in the "project" scope and not the "create feedback" scope. This is merely a UX issue in my opinion.

I think a solution like this could be helpful:
image

@h4l-yup
Copy link
Contributor

h4l-yup commented Sep 15, 2023

Now I fully understand it.
I would talk to our team designer to add it.
Thanks for a good advice!

@chiol chiol linked a pull request Apr 12, 2024 that will close this issue
Fixes #42 #253
Merged
h4l-yup pushed a commit that referenced this issue Apr 24, 2024
@chiol
Fixes #42 (#253)
5391bb9 
* add api key help in api key setting

* change api key help
@github-project-automation github-project-automation bot moved this from In Progress to Done in abc-user-feedback public roadmap May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@h4l-yup h4l-yup

Labels
None yet
Projects
abc-user-feedback public roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #42 line/abc-user-feedback
2 participants
@zaanposni @h4l-yup