In order to use the PagerDuty REST API, we must use an API key/token. According to the doc (https://support.pagerduty.com/docs/generating-api-keys), it can be a global API key providing access to the whole PagerDuty instance, or a user API key providing access to resources based on the user's permissions.
But PagerDuty also provides teams and advanced permissions, because in a company we usually need more fine-grained permissions than global, and we may provide team-level permissions.
When a team needs to request the PagerDuty REST API:
- as an admin I can provide them with a global API key: bad, as its permissions are too wide
- as a team they can create a user API key for one of their users: but in a company users can have holidays, move to another team or leave the company => not reliable.
I would like to suggest adding a team-scoped API key. Any team manager will be able to create/disable/remove an API key on their team. The API key will have the permissions of the team's managers.
For example, in our company we would like our teams to use Terraform for managing their PagerDuty resources (services, escalation policies and so on). And we have to provide them with global API keys to be able to create those resources => bad, as they may make a mistake and update/delete other teams' resources.