Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,095
Community Members
 
Community Events
176
Community Groups

Imposing more control over Statuspage API keys

 

As incident communication teams grow larger, Statuspage admins are often interested in restricting page permissions at the user level. These permissions include the ability to manage status pages, post or update incidents, or develop custom integrations.

Historically, all Statuspage users have had full access to all of these features - however, this level of access can become a risk for organizations with dozens, or even hundreds, of team members. We are committed to introducing more role-based access control (RBAC) features this year for Statuspage admins to solve this problem.

API keys are migrating to account owner control

As a first step, we are changing the way API keys are distributed and managed inside the product – so that account owners are in full control.

Today, every user has their own individual API key with full read/write access, which can be found on the API info page (in your user menu when you click your avatar). Any team member can use their key to manage the status page externally (risk of unauthorized use).

In addition, if a team member account is removed by admin and their individual key has been used for a custom integrationthe key is no longer active and the integration may break.

Starting February 2020, all API keys will migrate to the organization level – so only account owners have access to them. Other users will still be able to find supporting information on the API info page, but they will need to request an API key from the account owner.

After the migration, all existing API keys will remain functional, to ensure all custom integrations work without any interruptions. The only change is that they API keys will no longer “belong” to individual users, but to a Statuspage account as a whole.

We’ll be also adding some helpful tools to identify actively used API keys (“last used”), create additional keys, or remove unused ones.

- - - - -

If you have any questions, contact Statuspage support here.

10 comments

How will this look in the slack integration? Will the "user" making the update be removed completely from the Slack notification or will it say something else? 

Like Hannah McKenzie likes this

Ross, 

For the updates made via Statuspage UI, there will be no change. For the updates made via API, it will show up in Slack channel like "<Your API key name> via the API updated component <Component Name> from Operational to Major Outage".

Account owner will have a way to set a meaningful name for every API key, from the "API info" page.

Like # people like this

This is an amazing improvement, we're looking forward to it!

Like # people like this

Do you have plans to allow for multiple owners? Thanks. 

Like Clive Lawrence likes this

Dave,

We do have plans along these lines, however not at the moment of API keys migration described here.

Victor, can you give me some pointers on how the API works? Also, how would this change affect slack integrations? 

Elie,

This article is a good place to start with Statuspage API. Slack integration won't be affected, please see some details in the comments above, in this thread.

Like # people like this

Wydaje się że wszystko się zmienia na lepsze.  Oby tak było 😉

Like Victor Dronov likes this

It looks like there is no rbac on the keys it's full access to the page. We have an audience specific page but there is no ability to have audience specific API users?

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events