
Hi

Can anyone please tell me how I can limit the rights an API key and request has? Have a rather urgent requirement to give out a key but I’m not sure how to restrict what the API request can read and write. The team in question need to write incidents to their own service.


Many thanks

Hi @david gray


The General Access API Keys have access to all objects in PagerDuty.


There are User Token API Keys, if your account includes advanced permissions. If the users who need access are all configured to the same team, one of them could create themselves a key and it would be limited to what those folks can see.


However, for stricter controls, you’ll probably want to look at using scoped OAuth keys. More on those are here.


We have some additional docs coming that will address additional use cases for OAuth and I’ll post those here when they go out.

