In Netcore Email API, considering the security of your APIs being shared across multiple members, we have introduced the role-based API access customisation.
Key features of Custom API Key
- Clients can now create multiple and delete API Keys
- API Key will not be visible on UI
- Clients can assign custom access to API Keys
- IP Binding
The custom API feature covers all the API endpoints available across various API version of Netcore Email API APIs. Refer the API Documentation here to know more about API endpoints.
Consider providing only a single API Key which can be retrieved from the user panel. This is a security concern if either the API key or the user panel credentials is compromised.
Providing clients with the ability to customising the access, to delete an existing API key and removing the visibility of the API key from the user panel mitigates this risk.
Hence this feature add ons to the sanity level check while sharing the API Keys.
Please Note : You should always copy and save the API keys at your end for future reference as the same will be hidden on the panel once generated.
IP Binding binds the API requests to an IP/set of IPs and makes sure that even if the API key is compromised, all request will be rejected in case the requests are coming from an IP not associated with the API Key.
Updated over 2 years ago