Manage using dashboard¶
Login to Jazer’s dashboard. Select an application and open API keys page using left sidebar menu item .
Create an API key using toolbar item . Dialog will be shown asking for an API key name. Give it a name and click on the create button. Result will be a new API key without permissions. API key will have unique ID and secure ID.
To enable client to access certain endpoint, permission has to be added.
There are two ways to add a permission:
- add new blank permission using toolbar item
- add with wizard using toolbar item
Blank permission will have empty path, all methods will be disallowed and ACL will be turned off. Fill path as a regular expression, select methods to allow and adjust ACL to client needs.
Wizard simplifies permission creation. It consists of 3 steps:
Step #1 - select module and fill module specific properties. Resource module requires to specify type for which to generate permissions. Type my.type is used for this demonstration.
Step #2 - choose module operations, i.e. permissions to allow. Each module has its own set of operations. Resource module provides a lot of operations, therefore list is quite long. Operations search, read and update are chosen as an example.
Step #3 - protect permissions with ACL or not. Every permission produced by wizard will have ACL on or off based on toggle in this step.
Produced permissions will not be 1-to-1 mapping based on operations. Permissions will be merged if possible. Operation read and update use the same path. Therefore only one permission is generated with allowed methods GET and PATCH for these two operations.
Wizard can be used multiple times for the same API key. Wizard will never modify or remove existing permissions. It will only append produced permissions. They can be afterwards modified or removed as any other manually added permissions.
To remove a permission, select it and use toolbar item .
A permission with enabled ACL can be further configured using item . ACL configuration dialog will be shown with endpoint and document access lists.
Endpoint access list is a black or a white list controling which users have access to the endpoint.
Document access list is a black or a white list controling which users undergo document ACL.
Adding and removing users and/or user groups to lists can be achieved using toolbar items and .
When you are done making changes to the API key and would like to save changes use toolbar item .
Select an API key in the API keys list and click on the toolbar item . Confirmation dialog will be shown with cancel and delete buttons. Choose delete to permanently remove API key.
Clients using deleted API key will no longer have access. For clients to gain access afterwards, new API key has to be created and clients have to be instructed to use new API key.