Hey everyone! It's that time again. It's been two weeks since we launched API Autosave as a part of Code.xyz, saving a lot of developers from losing the API building they'd be doing in their browser if they forgot to deploy. Today, we're launching a feature that should help people building Slack applications and more that want to restrict their API usage to a subset of IP addresses and / or authenticated users.
Introducing API Permissions
- API permissions allow you to delegate access control on a per-API basis within Standard Library
- These apply to APIs built from the Command Line or Code.xyz
- The interface is available from both our dashboard and individual API pages on Standard Library
- You can enable permissions, per user, IP (IPv4 address) or both to the following granularity;
- API Execution: Can execute the API from the HTTP(S) endpoint or using SDKs
- Documentation: All of the above, can also read documentation on Standard Library for the API
- Deployment: All of the above, can also retrieve code and deploy new versions of the API using our CLI or Code.xyz
- The default for permissions based on user type are as follows:
- All users, all API development environments: API Execution
- All users, all releases (unpublished): API Execution
- All users, all releases (published): Documentation
- All members of an organization, all APIs: Deployment
- Owner, all APIs: Deployment
- Basically — if you're part of an organization or own an API, you have Full Access (Deployment), otherwise you can only see published releases
- All APIs on the platform are accessible via HTTP(S), ACLs used to be configurable as a deployment feature, we've now turned this into a platform feature
Enabling Permissions from Standard Library
- Visit your Standard Library API Page (for example, https://stdlib.com/@keith/lib/tweetstorm/)
- If you're an owner of the API, you'll see a Manage Permissions button beside the favorite button
- Click to add permissions...
- In the top section you'll have the ability to Select a user, Select an IP range, what Permission Level you're enabling, and Environments the permission applies to (releases or development environments)
- By creating a permission entry, you whitelist the specific user x ip x permission x environment combination
Enabling Permissions from the Dashboard
- Visit your dashboard API services page
- Select your API that you'd like to modify the permissions of
- Follow the steps above with the dashboard interface
Reflection: ServerlessDays London
Upcoming: ServerlessConf San Francisco
We also think it's a great time to mention we're sponsoring ServerlessConf San Francisco! Come join us on July 29th at the Hackathon where we'll be giving away prizes or throughout the conference from July 31st, 2018 until end of the day on August 1st, 2018. We'll be giving away free t-shirts and swag as well. Looking forward to seeing you!
Thanks for keeping up to date with Standard Library and Code.xyz development! If you'd like to keep up with the latest news, follow us on Twitter, @StdLibHQ and if you're looking for help don't hesitate to join our developer Slack Workspace for help (click here for an invitation).
Thank you for reading and being a part of our journey,