Jeffrey McGovern

Create role for API only user

Recommended Posts

Problem

I have a datasource that collects information from the LogicMonitor API. In order for this to work correctly I need a valid user on the LM platform with a valid API token. I can see two potential paths forward.

Case 1 - Use my existing account as the datasource author with my API token. This has a big downside that if I have to leave the company for any number of reasons and my account gets disabled this datasource will stop working and is customer facing. This is probably not so good.

Case 2 - Create a 'service account' inside LogicMonitor that can have its' own API token and if any one human needs to leave the company there really is not a big problem. The issue with this is that this user has a username and a password that can grant it access to the UI under all the permissions granted by the role but this account should/will never be used within the UI. This also generates a potential security problem because the password will most likely never be rotated because as long as the API user and token work this is simply going to sit there.

Request

Be able to create a new user type of 'API only' which will never have access to the UI and therefore you should not have to set any of the UI specific information for the account.

This would remove the need for any of this information under that account:

First/Last name/Email/Password/Force password change/2-factor/Phone/SMS/SMS Email format

 

  • Upvote 1

Share this post


Link to post
Share on other sites

Hi Jeffrey,

Thanks for posting & sharing the detail around your use case.  An API only user type makes sense for case 2, and because tokens are already restricted to API access (i.e. can't be used to log into the UI) we'd really just be changing the information required for that user type.  We'll look into getting this into our pipeline.

Thanks!

Sarah

Share this post


Link to post
Share on other sites

Hey Sarah,

I picked it up in the release notes and have already started looking at how to implement some of my existing users under this new type. 

 

Thanks for the heads up!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.