Showing results for 
Search instead for 
Did you mean: 

Securing the Account API key

Executive Chef I
Executive Chef I

We are using the Recipe Lifecycle Management APIs for our CI/CD process. However, as you all know the API key (from Settings) not only gives access to the RLM APIs, but to all the other Workato APIs (essentially all recipe ops), which essentially is very powerful.

Any ideas on how we can limit the exposure? IP Whitelisting for the API key, the same as we have in the API Platform? Or limit the exposed APIs and have multiple keys?

Anyone from Workato with any suggestions? Tridivesh Sarangi , Deven Maru


Workato employee
Workato employee

Hi Manuel Roldan-Vega

Agree on broad scope of the single key giving access to all APIs. We have scoping feature in the roadmap where you will be able to generate multiple keys for different sets of features. Let me look into the details and the plan.