regenerate or change API Keys
Posted: Wed Aug 24, 2016 11:21 am
Found a forum post with what I was wanting to see, but it looks to be still an open issue maybe?
https://support.nagios.com/forum/viewto ... ey#p159966
Has there been any progress on this?
We are using the API to make Nagios XI and AWS integration be dynamic. We are also adding and removing network gear dynamically, and are planning to add Storage Systems. At some point, maybe all our ESX virtuals will be dynamically added and monitored. Depends...
When something goes wrong, or if the key is compromised, I would like to be able to change the key either manually, via code, or to just disable it for a while. Not every user needs to be able to use an API interface. Yet they all have a key. To commit changes, the API user needs to have admin rights. I have special users created for the API integration we are using. Those user accounts have unknown passwords, that will never be used for a login. The accounts are only for API access with the ability to commit.
I need to be able to turn off the specific API, or disable the account without deleting it, or stop the remote changes being made via some method.
Anyone have ideas other than butchering the php code that allows API access? I do not want to stop ALL API access. I need some refinement in basic capabilities.
Thanks
Steve B
https://support.nagios.com/forum/viewto ... ey#p159966
Has there been any progress on this?
We are using the API to make Nagios XI and AWS integration be dynamic. We are also adding and removing network gear dynamically, and are planning to add Storage Systems. At some point, maybe all our ESX virtuals will be dynamically added and monitored. Depends...
When something goes wrong, or if the key is compromised, I would like to be able to change the key either manually, via code, or to just disable it for a while. Not every user needs to be able to use an API interface. Yet they all have a key. To commit changes, the API user needs to have admin rights. I have special users created for the API integration we are using. Those user accounts have unknown passwords, that will never be used for a login. The accounts are only for API access with the ability to commit.
I need to be able to turn off the specific API, or disable the account without deleting it, or stop the remote changes being made via some method.
Anyone have ideas other than butchering the php code that allows API access? I do not want to stop ALL API access. I need some refinement in basic capabilities.
Thanks
Steve B