API Auth Key

[ammills01]

Team,

I've deployed Presidio v1 at enterprise scale. We're starting to integrate with other teams internally and I'm showing them around how to use the API. In that exercise I've realized the CRUD calls for Custom Recognizers are open to anyone with access to the API. Have you all considered locking that down in any way? I don't know that we need to go so far as a Kerberos integration, maybe some sort of API Key requirement for those endpoints? Since I'm in need of this functionality, I may be able to contribute a solution to the problem (in v1). If you all have ideas, I'm all ears.

Regards,

Andrew Mills