Hi all,
We’ve deployed a new interface that allows configuring API tokens with higher granularity, on the per-RRset level. This allows, for example, to set up tokens that can’t manipulate any DNS records except for ACME challenges.
The new interface is described here: Manage Tokens — deSEC DNS API documentation
Old tokens, including their configuration, remain valid. In particular:
- If you used the previous version (“domain scoping” instead of RRset scoping), these tokens now have
subnameandtypeattributes added for equivalent meaning. - If you used policies with the
perm_dyndnspermission for dynDNS write access configuration, these have been replaced by two policies with theperm_writepermission (one for A and one for AAAA record type). Everything should continue to work as before.
If you have any questions about using the new interface, feel free to ask them!
Stay secure,
Peter