From 252c1e5d8b48b54d1745b36954f69644dcc4e091 Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Wed, 17 Jul 2024 10:47:40 +0200 Subject: [PATCH 1/2] Update API keys --- docs/getting_started/manage_api_keys.md | 34 ++++++++++++------------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/docs/getting_started/manage_api_keys.md b/docs/getting_started/manage_api_keys.md index ac5c700aec..bead2f5dcc 100644 --- a/docs/getting_started/manage_api_keys.md +++ b/docs/getting_started/manage_api_keys.md @@ -8,48 +8,46 @@ An API key serves as both a unique identifier and a secret token for authenticat ### Uses of API Keys -- **Automation**: Automate various tasks and workflows within the platform, enhancing efficiency and productivity -- **Technical access**: Provide technical access for integrations and interactions without relying on the UI -- **Specific access control**: Grant precise permissions and access levels specific to the API key’s associated identity, ensuring that only authorized actions are performed +- **Automation**: Streamline various tasks and workflows within the platform, enhancing efficiency and productivity. +- **Technical access**: Facilitate technical access for integrations and interactions without relying on the UI. +- **Specific access control**: Grant precise permissions and access levels specific to the API key’s associated identity, ensuring that only authorized actions are performed. + ### Required for certain features Some features within the app require the creation of an API key, including: -- CTI interconnection: Connect with third-party tools for Cyber Threat Intelligence (CTI) sharing and integration +- CTI interconnection: Connect with third-party tools for Cyber Threat Intelligence (CTI) sharing and integration. - Playbooks: Utilize API keys within playbooks to execute automated responses and processes. -By using API keys, users can seamlessly integrate with Sekoia.io and leverage its capabilities to their full extent, ensuring secure and efficient operations. - +By leveraging API keys, users can seamlessly integrate with Sekoia.io and fully exploit its capabilities, ensuring secure and efficient operations. ## API keys listing To access the list of generated API keys in your community, you have to go to Settings > Workspace > API Keys. -On this view, you can: +In this view, you can: -- Search for an API key by using the search bar on top of the table -- Filter your API keys by status: `Active`, `Revoked`, `All` +- Search for an API key using the search bar on top of the table +- Filter your API keys by status: `Active`, `Revoked`, `Expired`, `All` - Add a new API Key by clicking on the button `+ API key` +API keys are listed by creation date (Most recently created). + !!! note Only users with admin roles and permissions have the right to create API keys. ## Create an API key -!!! Note - API keys can't be assigned built-in roles. - -!!! Note - One MUST first create a custom role before creating API keys. - +API keys are linked to permissions. -To create a new API key, you’ll have to: +To create a new API key, follow these steps: 1. Click on the `+ API key` button 2. Give a name and a description to your key (description should be more than 10 characters and less than 100 characters) -3. Select one or more **custom roles** to associate with your key depending on your need. For instance, if you want to use your key to retrieve information from the Intelligence Center, please select a custom role using one of the permissions `View Intelligence` or `View Intelligence with limited access` -4. Click on `Save` +3. Set an **expiration date**: Choose the desired expiration period from the available options (30 days, 180 days, 365 days, custom up to 1 year, or no expiration) +4. **Select permissions**: Specify the permissions you want to assign to the API key to ensure it has only the necessary access +5. Click on `Save` !!! Note The key will only be displayed once. We recommend you to save it into a vault. From 6cc8cb556167410384e2796584516f80351215bf Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Wed, 17 Jul 2024 10:51:30 +0200 Subject: [PATCH 2/2] Update manage_api_keys.md add length of the API key + permission-based information --- docs/getting_started/manage_api_keys.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/getting_started/manage_api_keys.md b/docs/getting_started/manage_api_keys.md index bead2f5dcc..d4100c3615 100644 --- a/docs/getting_started/manage_api_keys.md +++ b/docs/getting_started/manage_api_keys.md @@ -22,6 +22,9 @@ Some features within the app require the creation of an API key, including: By leveraging API keys, users can seamlessly integrate with Sekoia.io and fully exploit its capabilities, ensuring secure and efficient operations. +!!! Note + Sekoia API keys are permissions-based, not role-based. + ## API keys listing To access the list of generated API keys in your community, you have to go to Settings > Workspace > API Keys. @@ -39,8 +42,6 @@ API keys are listed by creation date (Most recently created). ## Create an API key -API keys are linked to permissions. - To create a new API key, follow these steps: 1. Click on the `+ API key` button @@ -52,6 +53,9 @@ To create a new API key, follow these steps: !!! Note The key will only be displayed once. We recommend you to save it into a vault. +!!! Note + The length of the API key will not exceed 100 characters. + ## Revoke an API Key Revoking an API key will make it unusable. It’s rather easy to do but keep in mind that it’s an action that cannot be reversed.