Forum Discussion

Jeffrey_McGover's avatar
8 years ago

Create role for API only user

Problem

I have a datasource that collects information from the LogicMonitor API. In order for this to work correctly I need a valid user on the LM platform with a valid API token. I can see two potential paths forward.

Case 1 - Use my existing account as the datasource author with my API token. This has a big downside that if I have to leave the company for any number of reasons and my account gets disabled this datasource will stop working and is customer facing. This is probably not so good.

Case 2 - Create a 'service account' inside LogicMonitor that can have its' own API token and if any one human needs to leave the company there really is not a big problem. The issue with this is that this user has a username and a password that can grant it access to the UI under all the permissions granted by the role but this account should/will never be used within the UI. This also generates a potential security problem because the password will most likely never be rotated because as long as the API user and token work this is simply going to sit there.

Request

Be able to create a new user type of 'API only' which will never have access to the UI and therefore you should not have to set any of the UI specific information for the account.

This would remove the need for any of this information under that account:

First/Last name/Email/Password/Force password change/2-factor/Phone/SMS/SMS Email format

 

  • Sarah_Terry's avatar
    Sarah_Terry
    Icon for Product Manager rankProduct Manager

    Hi Jeffrey,

    Thanks for posting & sharing the detail around your use case.  An API only user type makes sense for case 2, and because tokens are already restricted to API access (i.e. can't be used to log into the UI) we'd really just be changing the information required for that user type.  We'll look into getting this into our pipeline.

    Thanks!

    Sarah

  • Hey Sarah,

    I picked it up in the release notes and have already started looking at how to implement some of my existing users under this new type. 

     

    Thanks for the heads up!