Meraki

Community

Is it possible to add authentication process to limit access to the dashboard?

Solved
hcoq
Conversationalist
‎Jun 16 2021 6:40 AM
‎Jun 16 2021 6:40 AM

Is it possible to add authentication process to limit access to the dashboard?

Hello, I have been working on the Meraki dashboard since a few months and I am trying to configure it through the python API, which is working well. I have noticed that through those API calls I never had to give my credentials for a Meraki account. Therefore I think that anyone who manage to steal my API key can manipulate my network as he/she wants. Is there a way to secure that connexion between python API and dashboard?

Labels:
0 Kudos
1 Accepted Solution
In response to hcoq
Bruce
Kind of a big deal
‎Jun 16 2021 1:56 PM
‎Jun 16 2021 1:56 PM

Your API key is your authentication to the Dashboard. Think of it as your username and password all wrapped up into a single non-comprehendable string of characters, and treat it with the same respect. I get what you are saying, but your API key is everything in the Meraki APIs at the moment. This is why you’re only ever shown it once when you generate it, never to see it again - you need to keep it secure.

View solution in original post

7 Replies 7
ww
Kind of a big deal
Kind of a big deal
‎Jun 16 2021 7:11 AM
‎Jun 16 2021 7:11 AM

Api == meraki account

The connection is https.

0 Kudos
In response to ww
Greenberet
Head in the Cloud
‎Jun 16 2021 7:17 AM
‎Jun 16 2021 7:17 AM

You can limit the API by the client IP. However this feature is still in beta and not yet available for the wide public.

 

You can apply for it here

 

0 Kudos
In response to Greenberet
hcoq
Conversationalist
‎Jun 16 2021 7:27 AM
‎Jun 16 2021 7:27 AM

I have seen this IP range limitation possibility but I wanted to know if there is any method to add an authentication process between the API request and the dashboard, so that you would need an account to communicate with the Dashboard

0 Kudos
In response to hcoq
Bruce
Kind of a big deal
‎Jun 16 2021 1:56 PM
‎Jun 16 2021 1:56 PM

Your API key is your authentication to the Dashboard. Think of it as your username and password all wrapped up into a single non-comprehendable string of characters, and treat it with the same respect. I get what you are saying, but your API key is everything in the Meraki APIs at the moment. This is why you’re only ever shown it once when you generate it, never to see it again - you need to keep it secure.

In response to Bruce
John_on_API
Meraki Employee
Meraki Employee
‎Jun 16 2021 6:06 PM
‎Jun 16 2021 6:06 PM

@Bruce is right. To add onto this--REST APIs are stateless. You have to provide that API key with every single request. 

This principle is important to understand when it comes to API security.

 

In REST APIs, there is no such thing as a "session" except as abstracted through the validity of the API key, or via frameworks (like the Python requests module).

0 Kudos
In response to ww
hcoq
Conversationalist
‎Jun 16 2021 7:23 AM
‎Jun 16 2021 7:23 AM

Yes for sure but if someone manage to get my API key, he can push/pull trough the python API and mess up with my network, whereas he wouldn't have been able to do it through the dashboard since he would have needed to log in my meraki account first

0 Kudos
Limitless
Here to help
‎Jul 1 2021 3:18 AM
‎Jul 1 2021 3:18 AM

We have added MFA to our frontend dashboard so we can limit access by function. We don't share the Meraki dashboard with anyone else

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.