• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 25 subscribers
  • Views 593 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

API Application Key Requires a Reference to an Active Tech's Username

mike.grim

I am planning to make use of the WHD API and found that I can create an Application API key that is not tied to a specific Tech's account. However, when using the application API key, it requires you to submit a username of any enabled Tech account.

Since this is the case, I don't understand the functional difference between a Tech's private API key and an Application API key. If you can put in ANY Tech account username, what is the point of even asking for one?

Also, I would prefer to not have to tie our application to a specific Tech account. If they leave and their account is disabled, this would break the application. I would just use the 'admin' account, but we disable it to save a license. Will I need to therefore purchase a license to use the API for an internal application?

Thank you,

Mike

Parents
  • 0

    I think the API should be tied to a TECH account for auditing purposes, we have used a specific Tech license for this and the username is "API" so yes consumes one of your licenses.

  • 0 in reply to pabely

    There is already a Tech API key functionality. You can certainly do that if you want.

    However, the product has a somewhat poorly implemented application API key which is what most organizations would rather use for automation purposes. Using application keys is the standard and can be tied to an application if they want to audit the key's use. It is in no way less secure than tying it to a Tech account as long as you follow the appropriate standards.

Reply
  • 0 in reply to pabely

    There is already a Tech API key functionality. You can certainly do that if you want.

    However, the product has a somewhat poorly implemented application API key which is what most organizations would rather use for automation purposes. Using application keys is the standard and can be tied to an application if they want to audit the key's use. It is in no way less secure than tying it to a Tech account as long as you follow the appropriate standards.

Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.