Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Changing your API Tokens regularly - specially after a recorded presentation published on YouTube

Daniel Nashed – 18 June 2021 08:52:02

Changing API tokens regularly is a general best practices.
This is specially important if you do a recorded live demo with your production accounts and show the configuration.
I didn't know which accounts I am going to use for my OpenNTF demos.
But I was well aware I have to change many of my tokens afterwards, because they are also shown in the tracing functionality I demoed.

So I wasn't paying much attention to hide any of the tokens seen on screen and just changed all of them this morning ;-)

Restrict API permissions
Cloudeflare changed their API meanwhile and you don't need a full authentication token any more for DNS TXT records.
You can now do all required operations with the simple API key which can be restricted to the simple DNS operations needed.
And they are really configurable per domain. Some other providers only have one API key per account for all the operations.

So if you are looking for a provider for DNS TXT integration and want to deplopy for example DNS API validation Domain leveraging CNAME delegation, I would really recommend looking into the free basic account at Cloudflare.

Cloudflare is widely used, has a very good API flexible API that you can narrow down on permissions. That's part of the reasons why it is the reference API not only for CertMgr but also other ACME DNS integrations.

-- Daniel

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]