search

mirego / accent

The first developer-oriented translation tool. True asynchronous flow between translators and your team.
https://www.accent.reviews
BSD 3-Clause "New" or "Revised" License
1.3k stars 98 forks source link

Access rights of API keys #173

Closed ad-m closed 1 year ago

ad-m commented 4 years ago

Hej,

We are at the stage of choosing CAT software for our organization. In our organization we have a distributed system working in the architecture of microservices.

When launching the application, we intend to dynamically load translations to facilitate their updating process.

In this case, we see that the use of one API key for one project may not be sufficient, in particular if the API key has write access. This leads to a high risk for systems, as the compromise of one node leads to the compromise of many service instances.

Are there plans in this regard? If not, what are the recommended solutions for this use case?

Yours sincerely,

simonprev commented 4 years ago

No short term plan but this is an interesting feature to add on our pretty basic implementation of API keys. Since the API keys are implemented as normal user (with a bot flag), it will be easy to add API Keys management in the app.

ad-m commented 4 years ago

Is there an option at the API level to create additional user accounts with the bot flag to verify this approach before it is finally implemented?