New Token Scoping Interface

Hi all,

We’ve deployed a new interface that allows configuring API tokens with higher granularity, on the per-RRset level. This allows, for example, to set up tokens that can’t manipulate any DNS records except for ACME challenges.

The new interface is described here: Manage Tokens — deSEC DNS API documentation

Old tokens, including their configuration, remain valid. In particular:

  • If you used the previous version (“domain scoping” instead of RRset scoping), these tokens now have subname and type attributes added for equivalent meaning.
  • If you used policies with the perm_dyndns permission for dynDNS write access configuration, these have been replaced by two policies with the perm_write permission (one for A and one for AAAA record type). Everything should continue to work as before.

If you have any questions about using the new interface, feel free to ask them!

Stay secure,
Peter

3 Likes