API key management | Product feedback

API key management

complete

Vladimir

Add the ability to create multiple API keys linked to the same organization and ability to rotate them.

September 1, 2023

Lago admin

marked this post as

complete

🚀 New API Key Security Features: Complete Control, Maximum Security
We’ve taken API security to the next level! Here's what we rolled out recently:
1️⃣ Rotate API Keys: Instantly or schedule rotations for seamless security.
2️⃣ Create Multiple API Keys: Manage access for different use cases effortlessly.
3️⃣ Delete API Keys: Remove unused keys to maintain a clean and secure environment.
But we didn’t stop there.
🎯 Granular Permissions for API Keys:
You can now define read, write, or read & write permissions for every object in the Lago API when creating or editing API keys. This feature ensures you have precise control over what endpoints are accessible and how they’re used.
Worth noting that some of those improvements were built as enterprise add-ons, so don't hesitate to reach out to the team if you need to gain access.
Docs: https://getlago.com/docs/guide/security/api-keys

Michael Ponrajah

marked this post as

in progress

This post was marked as

planned

Mathieu Déjean

Customer feedback - security requirements when multiple API keys are available: 
"in the last X hours...
...which IP addresses have used the API key?
...which API endpoints have been called with the API key?
...which resources have been read/created with the API key?"
See also https://getlago.canny.io/feature-requests/p/access-audit-logs