It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Imposing more control over Statuspage API keys

 

As incident communication teams grow larger, Statuspage admins are often interested in restricting page permissions at the user level. These permissions include the ability to manage status pages, post or update incidents, or develop custom integrations.

Historically, all Statuspage users have had full access to all of these features - however, this level of access can become a risk for organizations with dozens, or even hundreds, of team members. We are committed to introducing more role-based access control (RBAC) features this year for Statuspage admins to solve this problem.

API keys are migrating to account owner control

As a first step, we are changing the way API keys are distributed and managed inside the product – so that account owners are in full control.

Today, every user has their own individual API key with full read/write access, which can be found on the API info page (in your user menu when you click your avatar). Any team member can use their key to manage the status page externally (risk of unauthorized use).

In addition, if a team member account is removed by admin and their individual key has been used for a custom integrationthe key is no longer active and the integration may break.

Starting February 2020, all API keys will migrate to the organization level – so only account owners have access to them. Other users will still be able to find supporting information on the API info page, but they will need to request an API key from the account owner.

After the migration, all existing API keys will remain functional, to ensure all custom integrations work without any interruptions. The only change is that they API keys will no longer “belong” to individual users, but to a Statuspage account as a whole.

We’ll be also adding some helpful tools to identify actively used API keys (“last used”), create additional keys, or remove unused ones.

- - - - -

If you have any questions, contact Statuspage support here.

9 comments

How will this look in the slack integration? Will the "user" making the update be removed completely from the Slack notification or will it say something else? 

Like Hannah_McKenzie likes this

Ross, 

For the updates made via Statuspage UI, there will be no change. For the updates made via API, it will show up in Slack channel like "<Your API key name> via the API updated component <Component Name> from Operational to Major Outage".

Account owner will have a way to set a meaningful name for every API key, from the "API info" page.

Like # people like this

This is an amazing improvement, we're looking forward to it!

Like # people like this

Do you have plans to allow for multiple owners? Thanks. 

Dave,

We do have plans along these lines, however not at the moment of API keys migration described here.

Victor, can you give me some pointers on how the API works? Also, how would this change affect slack integrations? 

Elie,

This article is a good place to start with Statuspage API. Slack integration won't be affected, please see some details in the comments above, in this thread.

Like # people like this

Wydaje się że wszystko się zmienia na lepsze.  Oby tak było 😉

Like Victor Dronov likes this

harıka program

Comment

Log in or Sign up to comment
Community showcase
Published in Statuspage

Try our new Incident Communication Template Generator

Your customers need to know when your software isn't working as expected - but knowing what to say or how to say it isn't always easy, especially in the heat of the moment. To help make incide...

885 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you