Let’s look at an example app for allowing your users to manage domains.

As part of the API, your users will be able to perform CRUD operations against domains or individual DNS records.

1

Creating permissions

Users of our app can have the following permissions:

  • domain.delete_domain
  • domain.dns.create_record
  • domain.dns.read_record
  • domain.dns.update_record
  • domain.dns.delete_record
  • domain.create_domain
  • domain.read_domain
  • domain.update_domain

Create them in your dashboard.

2

Creating roles

And we define the following roles:

  • admin: An admin can do everything
  • dns.manager: Can create, read, update and delete DNS records but cannot access the domain itself
  • read-only: Can read domain or DNS record information

Create them in your dashboard too.

3

Connecting

For each role, we need to connect the permissions it should have. Go to /app/authorization/roles and click on the role to go to the permissions screen.

4

Create a key

Now that we have permissions and roles in place, we can connect them to keys.

  1. In the sidebar, click on one of your APIs

  2. In the breadcrumb navigation at the top, click Requests and then keys

  3. Select one of your existing keys by clicking on it

  4. Scroll down to the Roles section if not visible

You should now be on /app/keys/key_auth_???/key_???

You can connect a role to your key by clicking on the checkbox.

Let’s give this key the dns.manager and read-only roles. A toast message should come up in the lower corner when the action has been completed.

As you can see, the key now contains 2 roles and 5 permissions, shown just above the Roles section.

5

Verifying Permissions

Now you can verify this key and perform permission checks.
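
The role resolution from the steps above, as an added example that is not part of the original page or the product's own code: it models the three roles locally and shows why dns.manager plus read-only yields 5 distinct permissions rather than 6 (both roles grant domain.dns.read_record). The role-to-permission mapping is an assumption derived from the role descriptions, and the function names are hypothetical.

```python
# Added illustration: a local model of the roles and permissions from this page.
# The mapping below is an assumption derived from the role descriptions;
# function names are hypothetical and not part of any product API.

PERMISSIONS = frozenset({
    "domain.create_domain",
    "domain.read_domain",
    "domain.update_domain",
    "domain.delete_domain",
    "domain.dns.create_record",
    "domain.dns.read_record",
    "domain.dns.update_record",
    "domain.dns.delete_record",
})

ROLES = {
    "admin": PERMISSIONS,
    "dns.manager": frozenset(p for p in PERMISSIONS if p.startswith("domain.dns.")),
    "read-only": frozenset({"domain.read_domain", "domain.dns.read_record"}),
}


def effective_permissions(roles):
    """Union of the permissions granted by each role; unknown roles are an error."""
    granted = set()
    for role in roles:
        if role not in ROLES:
            raise ValueError(f"unknown role: {role!r}")
        granted |= ROLES[role]
    return frozenset(granted)


def is_authorized(roles, required):
    """Allow only if every required permission is granted (deny by default)."""
    required = set(required)
    unknown = required - PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    # An empty requirement is treated as a caller bug and denied.
    return bool(required) and required <= effective_permissions(roles)


if __name__ == "__main__":
    key_roles = ["dns.manager", "read-only"]  # the roles attached in step 4
    print(sorted(effective_permissions(key_roles)))
    print(is_authorized(key_roles, ["domain.dns.update_record"]))
    print(is_authorized(key_roles, ["domain.delete_domain"]))
```

A misspelled role or permission name raises instead of silently evaluating to "not granted", so a typo in a check surfaces as an error rather than as an unexplained denial.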