Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security request: Create limitations for API calls #2128

Open
Fmstrat opened this issue Aug 10, 2018 · 0 comments
Open

Security request: Create limitations for API calls #2128

Fmstrat opened this issue Aug 10, 2018 · 0 comments
Labels
APIv3 GitHub compatible API

Comments

@Fmstrat
Copy link

Fmstrat commented Aug 10, 2018

Issue

Impacted version: Latest

Deployment mode: Standalone behind nginx in docker

Problem description:
When using the API, there is no way to create limitations on access for a token. For instance, I would like to create a feature in my Mobile App to allow for submission of issues directly from the application.

However, the API key could be obtained from the source, and as it stands, this means that even if I set up a separate user as a "guest" they could still acquire any code from pull requests, and see all issues.

This request is to create different levels of tokens, one of which is to just create issues.
@takezoe takezoe added the APIv3 GitHub compatible API label Aug 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
APIv3 GitHub compatible API
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fmstrat @takezoe