Skip to main content

API Keys

Permissions associated with api keys are managed by the set of REST operations (see open api specification).

List all API key​

To execute this operation

Create a API key​

POST /admin/api-key to create a new api key. This operation will generate a new api-key and associate the permissions with it. Here is an example:

{
  "containerPermissions": {
    "test-container": [
      "READ",
      "LIST",
      "WRITE",
      "DELETE",
      "CREATE"
    ]
  }
}

This operation will create a new api key that can be used to access the test-container in any possible way: create new key-value pairs, override them, delete them and list them. Any operation on the keys and values withing this container will be allowed. The container itself can't be deleted though, only the keys within the container.

Additionally, if the same API key should be granted the permission to read the api key content and read the space usage metrics of the container and store itself, the storePermissions node can be added:

{
  "containerPermissions": {
    "test-container": [
      "READ",
      "LIST",
      "WRITE",
      "DELETE",
      "CREATE"
    ],
    "storePermissions": [
      "READ"
    ]
  }
}

In case an API key should be created that should allow to create new containers on the store the storePermissions can be extended as following:

{
  "containerPermissions": {
    "test-container": [
      "READ",
      "LIST",
      "WRITE",
      "DELETE",
      "CREATE"
    ],
    "storePermissions": [
      "READ",
      "CREATE"
    ]
  }
}

For the complete list of permissions please see here

Please, note that as any other record on the rostore, the API keys can be created versioned and can expire automatically. In this way some temporary permissions can be granted.

To execute this operation a client should provide an API key with a store-wide GRANT permission.

Update an API key​

To update a key a PUT /admin/api-key/{request-api-key} can be executed. An API key that is provided as a path parameter should be changed. The caller should also provide an API key with a store-wide GRANT permission. The content of the body is the same as the POST operation.

Get an API key​

To get a key a GET /admin/api-key/{request-api-key} can be executed. The permissions associated with API key provided as a path parameter will be returned. The caller should also provide an API key with a store-wide READ permission.

List the API keys​

To get a list of API keys a GET /admin/api-key/list can be executed. The caller should provide an API key with a store-wide LIST permission.

Repair a root API key​

In case if the access to the rostore service by the root key has been lost, e.g. because of misconfiguration, the root key entry in the store can be set back to the original state by executing GET /admin/api-key/repair-root. The caller should provide the root API key to execute the command.