
Overview

Access to the rostore service is granted through API keys, which are configured in a special container stored in rostore itself. Every API key can have a set of permissions associated with it. An API key can grant permissions on the rostore core functionality (store permissions) and can carry finer-grained permissions at the container level. See here for details.

The client identifies itself with its API key, which is sent in an HTTP header (apiKey). The rostore service extracts the key on every request and checks whether the client has permission to execute the requested command.

Special API Keys

Every rostore service has two special keys, which are set in the service's rostore.properties file (see the installation guide):

ROSTORE_ROOT_API_KEY=4e030824-08bf-4a0a-b6cb-bafa19406349

ROSTORE_PUBLIC_API_KEY=2fbce488-b62d-41e1-9eb7-edb01e58e2b0

These are the root API key and the public API key.

The root key is a central API key that grants some permissions to administrate the store. This API key is not required to exist in the API keys container on the store, but it will be created there after store initialization. It should be used especially at the beginning, when the store is initialized. It can be used to create other API keys and should not be broadly shared, as it can execute any operation on any container.

The public API key is a special key that is assumed when the client does not provide any API key in the request header. The permissions associated with this key must be maintained in the API key container. This key therefore makes it possible to grant an unauthorized user some permissions on the rostore service.
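Because the root key can execute any operation and requests without a key fall back to the public key, it is worth checking the two entries in rostore.properties before a service goes live. The following is an added example, not part of rostore: the function names, the specific checks and the plain KEY=VALUE parsing of the file are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Sample values printed in the documentation above; publicly known.
DOC_SAMPLE_KEYS = {
    "4e030824-08bf-4a0a-b6cb-bafa19406349",
    "2fbce488-b62d-41e1-9eb7-edb01e58e2b0",
}
ROOT, PUBLIC = "ROSTORE_ROOT_API_KEY", "ROSTORE_PUBLIC_API_KEY"

def parse_properties(text):
    """Parse simple KEY=VALUE lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_properties(path):
    """Return a list of findings for the two special keys in `path`."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    for name in (ROOT, PUBLIC):
        value = props.get(name)
        if not value:
            findings.append(f"{name} is missing or empty")
        elif value in DOC_SAMPLE_KEYS:
            findings.append(f"{name} uses a sample value from the documentation")
    if props.get(ROOT) and props.get(ROOT) == props.get(PUBLIC):
        findings.append("root and public keys are identical")
    # The file holds the root key, so other local users should not read it.
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append("file is world-readable")
    return findings

if __name__ == "__main__":
    # Constructed sample file that reuses the documentation values.
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as f:
        f.write(f"{ROOT}=4e030824-08bf-4a0a-b6cb-bafa19406349\n"
                f"{PUBLIC}=2fbce488-b62d-41e1-9eb7-edb01e58e2b0\n")
    os.chmod(f.name, 0o644)
    for finding in audit_properties(f.name):
        print("FINDING:", finding)
    os.unlink(f.name)
```

An empty result means none of these checks fired; it says nothing about the permissions stored for the public key in the API key container, which still need to be reviewed on the store itself.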