ASM API Permissions/Passwords
Article ID: 224278
Updated On:
Products
Issue/Introduction
1) With the v3 api , is it possible to restrict users accessing the api? (Set permissions)
2) how do you set up the api password if SSO is enabled.
Environment
Release : SAAS
Component :
Resolution
Answers from Engineering
1) No. APIv3 is available to all users who have access to ASM. However, users can perform only actions they can in the UI (everything is permission driven). In the future, the whole UI ASM application could be built on top of the APIv3 - all the logic will be moved from UI application to the APIv3.
2) There are 3 ways of authentication for APIs:
a) old API credentials. The same credentials you use for the old API, can be changed in the UI, even for SSO authenticated users. This could be removed in a future release.
b) API token
c) OAuth2 token (
For now, you need the old API credentials or your UI access token (from cookies) to create tokens 2b and 2c. In the future, there could be a frontend application for token management.
Feedback
