I would like to start utilizing the API, but I need to be certain it is secure if I enable it. I realize someone would have to obtain my API key to do any damage, but other than obviously securing my API key, are there additional steps that can be taken to harden API access? I understand I can create a new user just for API access and restrict what that user can access and then use that user's API key to restrict it, but can I also restrict access to my only allow access from my IP address range? Is it possible to create custom rights so as an example, a user's API access only has access to GET/PUT group policy settings on one or two networks? Thanks in advance.
... View more