This document outlines the various API endpoints and their associated permission categories, providing a clear reference for understanding the access control within our system.
Note: In the early days we are going to describe these concepts with names like 'instance_read' or 'instance_write'. We realize these are confusing. Any questions about which permissions are attributed to which actions should be asked via our support channels.
Every API Key has a list of permissions associated with it. Every user has the ability to create keys with restricted permissions on their own account. Users can also create restricted keys in team environments using the team-centric endpoints.
The following JSON would create a user that has access to the specified categories. In this instance, someone with these permissions would be able to create an instance as well as access billing information.
{
  "api": {
    "misc": {},
    "user_read": {},
    "instance_read": {},
    "instance_write": {},
    "billing_read": {},
    "billing_write": {}
  }
}
The following JSON would create restricted access to only the presented categories. In this example, someone with these permissions would be able to create an instance, but they would not be able to access billing information.
{
  "api": {
    "misc": {},
    "user_read": {},
    "instance_read": {},
    "instance_write": {}
  }
}
You can see a full list of permission types, as well as the endpoints attached to each permission, below.
The following permissions would allow a user to read the instance logs of instance id 1227 only:
{
  "api": {
    "misc": {},
    "user_read": {},
    "instance_read": {},
    "instance_write": {},
    "billing_read": {
      "api.instance.request_logs": {
        "constraints": {
          "id": {
            "eq": 1227
          }
        }
      }
    }
  }
}
The following permissions would allow a user to read the instance logs of instance ids from $1 to $2. API keys using this feature have to be created using the CLI call create api-key.
{
  "api": {
    "instance_read": {
      "api.instance.request_logs": {
        "constraints": {
          "id": {
            "lte": $1,
            "gte": $2
          }
        }
      }
    }
  }
}
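An added example, not part of the original page or the service's own code: a small review helper that splits a permission document into unconstrained and endpoint-constrained categories and evaluates the eq, lte and gte operators shown above. It assumes that an empty object grants the whole category and that every operator on a parameter must hold; the sample document and the function names are constructed for illustration.

```python
import json

# Constructed sample: the constraint sits under instance_read, as in the
# range example above, and one unconstrained billing category is granted.
SAMPLE = json.loads("""
{
  "api": {
    "misc": {},
    "user_read": {},
    "instance_read": {
      "api.instance.request_logs": {"constraints": {"id": {"eq": 1227}}}
    },
    "billing_write": {}
  }
}
""")

# Operators that appear on the page; the comparison semantics are an assumption.
OPS = {
    "eq": lambda value, bound: value == bound,
    "lte": lambda value, bound: value <= bound,
    "gte": lambda value, bound: value >= bound,
}

def constraint_allows(constraints, params):
    """True only if every constrained parameter is present and passes every operator."""
    for name, checks in constraints.items():
        if name not in params:
            return False  # fail closed when the request omits the parameter
        for op, bound in checks.items():
            if op not in OPS or not OPS[op](params[name], bound):
                return False  # unknown operators also fail closed
    return True

def review(perms):
    """Split granted categories into unconstrained and endpoint-constrained."""
    unconstrained, constrained = [], {}
    for category, body in perms.get("api", {}).items():
        if not body:
            unconstrained.append(category)
        else:
            constrained[category] = {ep: rule.get("constraints", {}) for ep, rule in body.items()}
    return sorted(unconstrained), constrained

def risky_grants(perms):
    """Unconstrained write or billing categories, to justify before issuing a key."""
    unconstrained, _ = review(perms)
    return [c for c in unconstrained if c.endswith("_write") or c.startswith("billing_")]
```

Running `review` on a key's permission document before issuing it shows which categories remain granted in full next to the one endpoint that carries a constraint.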
{
  "api": {
    "instance_write": {}
  }
}
{
  "api": {
    "user_read": {}
  }
}
{
  "api": {
    "user_write": {}
  }
}
{
  "api": {
    "billing_read": {}
  }
}
{
  "api": {
    "billing_write": {}
  }
}
{
  "api": {
    "machine_read": {}
  }
}
{
  "api": {
    "machine_write": {}
  }
}
{
  "api": {
    "misc": {}
  }
}
{
  "api": {
    "team_read": {}
  }
}
{
  "api": {
    "team_write": {}
  }
}