gregallensworth
commented
6 years ago This has been in place for some time: one master API key generated by default, and an ability to generate specific ones for specific needs, which may be revoked individually. The new part is the finer-grained control, that API keys have different access to different tables. Nice.
The key defined in CARTO_API_KEY is the only API key currently present: the master key. This API "governs API key management and provides unrestricted access to all the APIs and resources" and "should be kept as secure and safe as possible. Do not use it unless absolutely necessary"
- Option 1: ignore it
- The ETL script is using our one and only key, which has access to all APIs and which continues to work.
- No action required.
- Option 2: generate a new key just for the ETL
- Best practice, to have a revocable API key for this external app, and a master key which is never divulged
- Light difficulty: minutes of work to change a key and generate a key, then to change it in the ETL's Heroku settings
- no impact on CrashMapper, as it only uses SELECT queries on publicly-visible data, and does not provide an API key at present
- Optional additional task: regenerate the master key, as it has been used and pasted into other systems (Heroku, development PCs oof employees who have left)
- would impact anything using this API key, which should be nothing at all if ETL script gets its own key
https://carto.com/developers/fundamentals/authorization/
@gregallensworth related to discoveries in #eastcoastgreenway, it appears that CARTO rolled out an improved API key system where one can have multiple keys with different levels of access to different things.
Documentation is here: https://carto.com/developers/fundamentals/authorization/
Looks good, actually. BUT it appears possible that the single key we have by default is read only
So we need to enable write, maybe make a second key just for ETL