Manage using dashboard

Login to Jazer’s dashboard. Select an application and open API keys page using left sidebar menu item api-key-menu-item-icon.

Create

Create an API key using toolbar item create-icon. A dialog will be shown asking for an API key name. Give it a name and click on the create button. The result will be a new API key without permissions. The API key will have a unique ID and secure ID.

Update

To enable client to access certain endpoint, permission has to be added.

Add permission

There are two ways to add a permission:

  • add new blank permission using toolbar item add-icon
  • add with wizard using toolbar item wizard-icon

Blank permission will have empty path, all methods will be disallowed and ACL will be turned off. Fill path as a regular expression, select methods to allow and adjust ACL to client needs.

../_images/add-new-blank-permission.png

Wizard simplifies permission creation. It consists of 3 steps:

Step #1 - select module and fill module specific properties. Resource module requires to specify type for which to generate permissions. Type my.type is used for this demonstration.

../_images/add-with-wizard-permission-step-1.png

Step #2 - choose module operations, i.e. permissions to allow. Each module has its own set of operations. Resource module provides a lot of operations, therefore list is quite long. Operations search, read and update are chosen as an example.

../_images/add-with-wizard-permission-step-2.png

Step #3 - protect permissions with ACL or not. Every permission produced by wizard will have ACL on or off based on toggle in this step.

../_images/add-with-wizard-permission-step-3.png

Produced permissions will not be 1-to-1 mapping based on operations. Permissions will be merged if possible. Operation read and update use the same path. Therefore only one permission is generated with allowed methods GET and PATCH for these two operations.

../_images/add-with-wizard-permission-result.png

Wizard can be used multiple times for the same API key. Wizard will never modify or remove existing permissions. It will only append produced permissions. They can be afterwards modified or removed as any other manually added permissions.

Remove permission

To remove a permission, select it and use toolbar item remove-icon.

../_images/remove-permission.png

Configure ACL

A permission with enabled ACL can be further configured using item configure-acl. ACL configuration dialog will be shown with endpoint and document access lists.

Endpoint access list is a black or a white list controling which users have access to the endpoint.

../_images/acl-endpoint-access-list.png

Document access list is a black or a white list controling which users undergo document ACL.

../_images/acl-document-access-list.png

Adding and removing users and/or user groups to lists can be achieved using toolbar items add-icon and remove-icon.

When you are done making changes to the API key and would like to save changes use toolbar item save-changes-icon.

Delete

Select an API key in the API keys list and click on the toolbar item delete-icon. Confirmation dialog will be shown with cancel and delete buttons. Choose delete to permanently remove API key.

Warning

Clients using deleted API key will no longer have access. For clients to gain access afterwards, new API key has to be created and clients have to be instructed to use new API key.