topic Securing the Account API key in Workato Pros Discussion Board https://systematic.workato.com/t5/workato-pros-discussion-board/securing-the-account-api-key/m-p/1578#M631 <P>We are using the Recipe Lifecycle Management APIs for our CI/CD process. However, as you all know the API key (from Settings) not only gives access to the RLM APIs, but to all the other Workato APIs (essentially all recipe ops), which essentially is very powerful. </P><BR /><P>Any ideas on how we can limit the exposure? IP Whitelisting for the API key, the same as we have in the API Platform? Or limit the exposed APIs and have multiple keys? </P><BR /><P>Anyone from Workato with any suggestions? <SPAN id="mob-widget-1634769960119" class="mention">Tridivesh Sarangi</SPAN> , <SPAN id="mob-widget-1634769965477" class="mention">Deven Maru</SPAN> </P> Thu, 21 Oct 2021 05:46:31 GMT mroldanvega 2021-10-21T05:46:31Z Securing the Account API key https://systematic.workato.com/t5/workato-pros-discussion-board/securing-the-account-api-key/m-p/1578#M631 <P>We are using the Recipe Lifecycle Management APIs for our CI/CD process. However, as you all know the API key (from Settings) not only gives access to the RLM APIs, but to all the other Workato APIs (essentially all recipe ops), which essentially is very powerful. </P><BR /><P>Any ideas on how we can limit the exposure? IP Whitelisting for the API key, the same as we have in the API Platform? Or limit the exposed APIs and have multiple keys? </P><BR /><P>Anyone from Workato with any suggestions? <SPAN id="mob-widget-1634769960119" class="mention">Tridivesh Sarangi</SPAN> , <SPAN id="mob-widget-1634769965477" class="mention">Deven Maru</SPAN> </P> Thu, 21 Oct 2021 05:46:31 GMT https://systematic.workato.com/t5/workato-pros-discussion-board/securing-the-account-api-key/m-p/1578#M631 mroldanvega 2021-10-21T05:46:31Z Re: Securing the Account API key https://systematic.workato.com/t5/workato-pros-discussion-board/securing-the-account-api-key/m-p/1579#M632 <P>Hi <A href="https://systematic.workato.com/workato-migration/users/2373552">Manuel Roldan-Vega</A> </P><BR /><P>Agree on broad scope of the single key giving access to all APIs. We have scoping feature in the roadmap where you will be able to generate multiple keys for different sets of features. Let me look into the details and the plan.</P><BR /><P>Best,</P><P>Deven</P> Thu, 21 Oct 2021 11:27:26 GMT https://systematic.workato.com/t5/workato-pros-discussion-board/securing-the-account-api-key/m-p/1579#M632 deven-maru 2021-10-21T11:27:26Z