restricting/securing API access

Go0se49
Here to help

restricting/securing API access

I would like to start utilizing the API, but I need to be certain it is secure if I enable it. I realize someone would have to obtain my API key to do any damage, but other than obviously securing my API key, are there additional steps that can be taken to harden API access? I understand I can create a new user just for API access and restrict what that user can access and then use that user's API key to restrict it, but can I also restrict access to my only allow access from my IP address range? Is it possible to create custom rights so as an example, a user's API access only has access to GET/PUT group policy settings on one or two networks? Thanks in advance.

5 Replies 5
CptnCrnch
Kind of a big deal
Kind of a big deal

You can restrict to the Dashboard to your Login IP ranges („Organization“ -> „Settings“ -> „Login Ip ranges“). I don‘t know if that also works for API access.

boundless-digit
Getting noticed

yeah, it works for API access as well

Sidney Burks
Captive Portal and Meraki API Automation
Founder and CTO, Boundless Digital
sidney@boundless.fr
https://www.boundless.fr
Go0se49
Here to help

It appears that's a global setting? Ideally I don't want to restrict everyone. Just this single user's API key access.

boundless-digit
Getting noticed

Unfortunately, Meraki doesn't offer that kind of security granularity. 

 

Would a 3rd-party platform with more security granularity that wraps the Meraki API with its own API be useful?

Sidney Burks
Captive Portal and Meraki API Automation
Founder and CTO, Boundless Digital
sidney@boundless.fr
https://www.boundless.fr
PhilipDAth
Kind of a big deal
Kind of a big deal

I like to create a dedicated account.

 

Check out my post on API keys.

https://community.meraki.com/t5/Developers-APIs/A-newer-safer-way-to-access-the-dashboard-API/m-p/69... 

Get notified when there are additional replies to this discussion.