Are APIs necessarily bound to users?

Solved
Kurn
Conversationalist

Hi there!

This is my first post. I've searched through the forum but haven't found an answer. I was wondering if it is possible to generate an API key in the dashboard that is not linked to a user, so that if the user leaves, it can remain functional.

Is this possible or would it be better to make a service account?

Thanks in advance!

1 Accepted Solution
alemabrahao
Kind of a big deal

No, it is not possible.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

alemabrahao
Kind of a big deal

What you can do is create a dedicated service account and then generate the APIs through that account. Remember to enable MFA for that account.

Kurn
Conversationalist

Thanks for the fast answer! So that's how I imagined it. I'll just have to do it then.

Have a nice day!

pdeleuw
Building a reputation

This is exactly the way I work: Create a service account, activate 2FA and generate API.

Mloraditch
Kind of a big deal

You can't do it with a key, but the newer OAuth would possibly help in your use case: https://developer.cisco.com/meraki/api-v1/oauth-overview/

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal

You can use OAUTH.

https://community.meraki.com/t5/Feature-Announcements/Exciting-News-OAuth-2-0-is-Now-Available/ba-p/...

This works best for applications that run on servers (like a web app), and although it does work in scripts, it doesn't suit scripts as well.

nan3540
Here to help

Will OAuth also be the way to go for automating the creation of organizations and networks, hosted as a web app, or will the service account with an API key be the way to go?

Oren
Meraki Employee

Creation of networks - yes.

Creation of new organizations - no. OAuth follows the principles of zero trust, and if it could create a new organization where it will have full admin rights - it would be considered privilege escalation.

What are you trying to achieve?

nan3540
Here to help

I have a website that automates the creation of new customers (new organizations), including default config for networks, SSIDs, FW rules and so on.

Another thing I am not totally sure about with OAuth: will the authentication to an org for a specific organization be there forever, or would the user need to authenticate to an org every time they log in on my website?

Would the approach be to use the service account to create the default config, and with all other operations use OAuth?

Oren
Meraki Employee

Currently, for a use-case of creating new organizations - API keys would make more sense.

Configuration changes, compliance, monitoring - these can be achieved with OAuth.

As long as the OAuth refresh token is used at least once every 90 days - the integration will last indefinitely (unless an admin revokes it).

https://developer.cisco.com/meraki/api-v1/oauth-overview/
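
The 90-day rule above, as an added example that is not part of the original thread or of Meraki's code: a Python check over a constructed inventory of OAuth integrations that flags refresh tokens nearing or past the idle limit. The record fields, integration names and the 30-day safety margin are assumptions.

```python
from datetime import datetime, timedelta, timezone

# From the thread: the refresh token must be used at least once every 90 days.
REFRESH_WINDOW = timedelta(days=90)
# Assumption: refresh this long before the deadline so a failed job can retry.
SAFETY_MARGIN = timedelta(days=30)


def classify(last_used: datetime, now: datetime) -> str:
    """Return 'ok', 'refresh_due' or 'lapsed' for one integration."""
    if last_used.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    idle = now - last_used
    if idle < timedelta(0):
        raise ValueError("last use is in the future; check the record")
    if idle >= REFRESH_WINDOW:  # conservative: exactly 90 days counts as lapsed
        return "lapsed"         # assumed to need a fresh authorization
    if idle >= REFRESH_WINDOW - SAFETY_MARGIN:
        return "refresh_due"
    return "ok"


def audit(inventory, now):
    """Group integration names by status; bad records are reported, not skipped."""
    report = {"ok": [], "refresh_due": [], "lapsed": [], "invalid": []}
    for rec in inventory:
        try:
            last_used = datetime.fromisoformat(rec["refresh_token_last_used"])
            report[classify(last_used, now)].append(rec["name"])
        except (KeyError, ValueError, TypeError):
            report["invalid"].append(rec.get("name", "<unnamed>"))
    return report


# Constructed sample inventory: hypothetical names, timestamps only, no secrets.
SAMPLE_NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    {"name": "monitoring-poller", "refresh_token_last_used": "2025-06-20T00:00:00+00:00"},
    {"name": "compliance-report", "refresh_token_last_used": "2025-04-21T00:00:00+00:00"},
    {"name": "config-sync", "refresh_token_last_used": "2025-03-01T00:00:00+00:00"},
    {"name": "no-timezone", "refresh_token_last_used": "2025-06-01T00:00:00"},
    {"name": "missing-field"},
]

if __name__ == "__main__":
    for status, names in audit(SAMPLE_INVENTORY, SAMPLE_NOW).items():
        print(f"{status:12} {', '.join(names) or '-'}")
```

Run on a schedule, the `refresh_due` and `invalid` groups are the ones to alert on, since both can turn into a silently broken integration.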
