You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
As incident communication teams grow larger, Statuspage admins are often interested in restricting page permissions at the user level. These permissions include the ability to manage status pages, post or update incidents, or develop custom integrations.
Historically, all Statuspage users have had full access to all of these features - however, this level of access can become a risk for organizations with dozens, or even hundreds, of team members. We are committed to introducing more role-based access control (RBAC) features this year for Statuspage admins to solve this problem.
As a first step, we are changing the way API keys are distributed and managed inside the product – so that account owners are in full control.
Today, every user has their own individual API key with full read/write access, which can be found on the API info page (in your user menu when you click your avatar). Any team member can use their key to manage the status page externally (risk of unauthorized use).
In addition, if a team member account is removed by admin and their individual key has been used for a custom integration – the key is no longer active and the integration may break.
Starting February 2020, all API keys will migrate to the organization level – so only account owners have access to them. Other users will still be able to find supporting information on the API info page, but they will need to request an API key from the account owner.
After the migration, all existing API keys will remain functional, to ensure all custom integrations work without any interruptions. The only change is that they API keys will no longer “belong” to individual users, but to a Statuspage account as a whole.
We’ll be also adding some helpful tools to identify actively used API keys (“last used”), create additional keys, or remove unused ones.
If you have any questions, contact Statuspage support here.
Victor Dronov
Atlassian TeamProduct Manager
Atlassian
3 accepted answers
10 comments