Main features
API key Management
The Keymaker key management API allows you to obtain the API key list, add new API keys to the list and remove API keys from it.
The most common operations to carry out with this API are rotating an API key and checking the age of the API keys.
How to rotate an API key
- Create a new API key
- Update the API key in the code of the Veridas application integration so that it starts using the new one. Both the old and new keys are functional at this point, so the applications will not be disrupted during this process
- Verify that the old API key is not used by any other applications, servers or platforms and then remove it from the Keymaker list
- Check that only the necessary API keys are in the list
How to check API Keys age
- Retrieve all available API keys by using the Keymaker API
- Review the "created_at" field and verify the age of that API key
- If you consider the key old enough for rotation, follow the steps in the previous section.
There is no hard limit for the age of an API key, but Veridas recommends not exceeding one year for security reasons.
IP Allow list Management
The Keymaker IP management API allows you to obtain the configured IP allow list and to update it by adding or removing IPs from the list.
The IP addresses have to be defined and provided to the API in CIDR notation. For more information about this, we recommend the article https://www.ipaddressguide.com/cidr.
There are some restrictions on the IP addresses that users can add:
- Must not belong to a private subnet (e.g. 192.168.0.0/16)
- Must not belong to a reserved subnet (e.g. 224.x.x.x)
- The mask used cannot be less than /16 (e.g. /12, /8, etc. are not allowed)
- IPv6 is not supported
The most common operations to carry out with this API are to add a new IP address to the allow list and to review the allow list content.
How to add a new IP address to the Allow List
- Check that the IP address you want to add is not already in the list
- Replace the allow list with one that includes the new IP address
- Check that the IP address is in the allow list and verify that the service can be accessed from it
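An added example, not Keymaker code or part of the Veridas documentation: a local pre-check that applies the restrictions listed above and the first step of this procedure before the allow list is replaced. The private and reserved range lists, the function names and the sample addresses are assumptions; the check also goes slightly beyond the text by treating an address covered by a broader existing entry as already present.

```python
import ipaddress

MIN_PREFIX = 16  # page rule: the mask cannot be less than /16
# Assumption: the page gives only one example per category, so these lists are
# illustrative. TEST-NET documentation ranges are left out so they can be samples.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
RESERVED = ["0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4"]


def check_entry(cidr):
    """Return the list of restrictions the entry breaks (empty list = acceptable)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    except ValueError as exc:
        return [f"not valid CIDR notation: {exc}"]
    if net.version != 4:
        return ["IPv6 is not supported"]
    problems = []
    if "/" not in cidr:
        problems.append("no mask given; use CIDR notation")
    if net.prefixlen < MIN_PREFIX:
        problems.append(f"mask /{net.prefixlen} is less than /{MIN_PREFIX}")
    for label, blocks in (("private", PRIVATE), ("reserved", RESERVED)):
        if any(net.overlaps(ipaddress.ip_network(b)) for b in blocks):
            problems.append(f"belongs to a {label} subnet")
    return problems


def add_to_allow_list(current, new):
    """Return the replacement allow list, or raise ValueError if `new` is not acceptable."""
    problems = check_entry(new)
    if problems:
        raise ValueError(f"{new}: " + "; ".join(problems))
    new_net = ipaddress.ip_network(new)
    for existing in current:
        if new_net.subnet_of(ipaddress.ip_network(existing)):
            return list(current)  # already present or covered: nothing to replace
    return list(current) + [str(new_net)]


if __name__ == "__main__":
    allow_list = ["198.51.100.0/24"]  # constructed sample value
    for candidate in ["203.0.113.7/32", "198.51.100.16/28", "192.168.1.0/24",
                      "224.0.0.0/24", "11.0.0.0/8", "2001:db8::/32"]:
        try:
            allow_list = add_to_allow_list(allow_list, candidate)
            print(f"ok   {candidate} -> {allow_list}")
        except ValueError as err:
            print(f"skip {err}")
```

The list returned by `add_to_allow_list` is what would be sent as the replacement allow list; the page does not show the Keymaker request itself, so that call is left out.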
How to do a periodic Allow List review
- Obtain the allow list configured for every available service
- Review whether all IP addresses are necessary
- If you consider that one or more addresses are no longer necessary, replace the allow list with a new one from which those addresses have been removed.
- Verify that only the necessary addresses are configured