Comment on page
StealthTest provides an easy way to manage your API Access. This ensures you never have to worry about how the API is being accessed
Accessing the Settings:
In Settings, you now have a new panel of options to control which endpoints in the API are available to the program or user accessing it.
Understanding Endpoint Control:
Within the API permissions panel, you'll find a list of endpoints that the StealthTestAPI provides. Endpoints are specific URLs (or URIs) that StealthTest exposes for interaction.
Controlling Endpoint Access:
- Immediate Updates: Any changes made to endpoint access are applied immediately without the need to regenerate the API Key. This ensures that your modifications take effect promptly.
- Minimum Endpoint Requirement: It's mandatory to have at least 1 endpoint always available. This ensures that if the API key is active there is 1 available endpoint.
- Disabling Endpoints: If you wish to restrict access to specific functionalities, you can disable corresponding endpoints. Disabling an endpoint means that it won't be accessible to any program or user.
Disabling the API Key (Optional):
- Complete Access Restriction: If you want to completely disable API access, you can choose to disable the API Key. This action revokes all access privileges, rendering the API inaccessible until re-enabled.
Best Practices for API Permission Management:
- Regular Review: Periodically review your API endpoints and access controls. Ensure that the permissions align with your current security policies and requirements.
- Least Privilege Principle: Follow the principle of least privilege, granting only the permissions necessary for specific tasks. Avoid giving unnecessary access to endpoints.
- Audit Trails (coming soon): Maintain logs and audit trails for API permission changes. This helps in tracking modifications and understanding who made the changes and when.