Project

General

Profile

Actions

Defect #33470

closed

SECURITY IN API KEY

Added by Raul Lorenzo almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Plugin API
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

Hello everyone,

I have a redmine created where I have multiple clients.
One of them is asking me for the API code to integrate it with TestCollab.

The following questions arise:

a) Giving this password involves a risk to my other clients?
b) Could you give a personalized key for this project and not the global one?
c) For our part, would we have to do something for them to implement redmine in testcollab or simply send them the api key?

Thanks in advance.

Regards!


Hola a todos,

Tengo una redmine creado donde tengo varios clientes.
Uno de ellos me está pidiendo el código API para integrarlo con TestCollab.

Me surgen las siguientes preguntas:

a) ¿Dar esta contraseña implica un riesgo para mis otros clientes?
b) ¿Podría dar una clave personalizada para este proyecto y no la clave global?
c) Por nuestra parte, ¿tendríamos que hacer algo para que implementen redmine en testcollab o simplemente enviarles la clave de la API?

Gracias por adelantado.

¡Saludos!


Files

redn.jpg (499 KB) redn.jpg Raul Lorenzo, 2020-05-25 12:37
Actions #1

Updated by Marius BĂLTEANU almost 4 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Raul Lorenzo wrote:

Hello everyone,

I have a redmine created where I have multiple clients.
One of them is asking me for the API code to integrate it with TestCollab.

The following questions arise:

a) Giving this password involves a risk to my other clients?
b) Could you give a personalized key for this project and not the global one?
c) For our part, would we have to do something for them to implement redmine in testcollab or simply send them the api key?

Thanks in advance.

Regards!

1) The API key belongs to an user and it has the same permissions as the user at the API level (the API key cannot be used to log in the UI).
2) You can create a user with permissions only for that project.
3) It depends on how the integration works, from Redmine you can manage only user permissions for that API key.

Please use forum for questions.

Actions #2

Updated by Raul Lorenzo almost 4 years ago

I'm new to the forum, sorry, but I don't understand how it works.

In my redmine it only generates an API code IN GENERAL, it does not create one for each project ...

How can I have an API code only per project?

Actions #3

Updated by Go MAEDA almost 4 years ago

  • Status changed from Reopened to Closed

Please use forums for questions. Issues are used to report a bug, suggesting a new feature, or submitting a patch. Reading How to request help may be helpful for you.

Actions

Also available in: Atom PDF