Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for API keys #17

Closed
leegarrett opened this issue Jun 1, 2022 · 9 comments
Closed

Support for API keys #17

leegarrett opened this issue Jun 1, 2022 · 9 comments

Comments

@leegarrett
Copy link

leegarrett commented Jun 1, 2022
edited
Loading

Currently, inwx.collection.dns requires the username and password and a deactivated 2FA to work. These credentials are however also used to:

  1. Buy/sell/cancel/transfer new domains
  2. View previous invoices
  3. View invoice addresses
  4. (de)activate DNSSEC
  5. Transfer money from the account
  6. Buy/renew TLS certificates
  7. Enable 2FA to lock out the original user from the account
  8. ... and many more things

Those are all things I'd usually not want to do with the inwx.collection.dns ansible module.

The solution is support API keys, just like they are supported by other companies offering similar solutions. The workflow would be:

  • Generate an API key in the inwx.de webfrontend
  • Set fine-grained permissions to what the API key can and cannot do
  • Add the API key to the ansible-vault to be used there
  • Use the API key non-interactively for the use case
@schlamar
Copy link

I was in contact with INWX support about this topic. API keys are planned, however there is no ETA yet.

An alternative solution right now is that they can provide you an additional restrictive account with a custom set of permissions.

@yomofo2s
Copy link

Same issue here. I hope Inwx can provide API keys soonest!

@leegarrett
Copy link
Author

Hi, is there an update on when this might be implemented?

@inwx-developer
Copy link

Currently it's not planned for the near future because we have a good workaround already.

When you login to your INWX account, go to "User Management" and create a new user which you only use for API access. This user can have 2FA disabled and you can also define different permissions.

@leegarrett
Copy link
Author

Currently it's not planned for the near future because we have a good workaround already.

When you login to your INWX account, go to "User Management" and create a new user which you only use for API access. This user can have 2FA disabled and you can also define different permissions.

Nice, I didn't know this exists. This is what I was looking for.

@inwx-developer
Copy link

Additional users can be created and managed in the "User Management" area, therefore the issue is closed.

@pkoevesdi
Copy link

pkoevesdi commented Apr 25, 2024
edited
Loading

I'd like to bring this up again. It's totally annoying, that the new user has to have a first AND last name, an Email address, phone number and a postal address. This doesn't make sense for a machine, which an API user typically is.
Also, the available permissions are far too broad. I'd need only a permission to set a certain DNS record type, and only via API, no web gui access. Just enough to perform an DNS challenge via API.
So, to me, this is not closed at all, sorry.

@ddmler
Copy link
Member

ddmler commented May 7, 2024

We created a ticket internally to add api keys.

@pkoevesdi
Copy link

Thanks.
I consider the way OVH does it, quite exemplary:
Grafik
But, please add optional 2FA for the API keys too.

Is there some proposed release date already? Can this ticket be reopened again?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@schlamar @ddmler @leegarrett @pkoevesdi @inwx-developer @yomofo2s