Security question ( API )

is it safe to enable api access for all users ? What are the repercussions for doing so?

What happens if a user gets hacked? A hacker may use the API aswell.

The least permissions you give, the better.

Yes it is save to enable the current settings for all users

The only have limited functions available.


And only listed to their own account.

1 Like

API access the users get are extremely limited and almost “needed” for optimal run of fastcgi cache

Even if I give you my Access/Key combination for a user you can’t do a lot: For example:

purge-nginx-cache permissions only give you to list the users web domains and purge the cache

The old api only remains for admin user only or with the generated api key (root user only)

1 Like

Thank you for clarifying. Keep up the good work

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.