API Service Account - Best Practice?

nickydd9
Getting noticed

API Service Account - Best Practice?

Just want some clarification on best practice regarding interacting with third-party applications like Cisco Security Connector and Cisco Umbrella. Currently using my own API key to integrate with these apps. If this was for an actual company and I was to leave the company, or something of that nature, it may cause downtime in order to shift to the replacement hires API key. 

 

Would best practice be to setup a dashboard admin / dashboard user as a "service account" and use that accounts API key for third-party app integration? Does anyone have any tips around this?

1 REPLY 1
Nash
Kind of a big deal

In my office, we create an individual service account for each third party tool.

 

This way, should someone leave, the integration doesn't fail due to a surprise inactive API key.

 

All of our integrations are used with all our clients by design, so I used https://github.com/meraki/automation-scripts/blob/master/manageadmins.py to copy my permissions for each service account. I have full org permissions on the applicable clients.

Get notified when there are additional replies to this discussion.