We’ve deployed a new interface that allows configuring API tokens with higher granularity, on the per-RRset level. This allows, for example, to set up tokens that can’t manipulate any DNS records except for ACME challenges.
The new interface is described here: Manage Tokens — deSEC DNS API documentation
Old tokens, including their configuration, remain valid. In particular:
- If you used the previous version (“domain scoping” instead of RRset scoping), these tokens now have
typeattributes added for equivalent meaning.
- If you used policies with the
perm_dyndnspermission for dynDNS write access configuration, these have been replaced by two policies with the
perm_writepermission (one for A and one for AAAA record type). Everything should continue to work as before.
If you have any questions about using the new interface, feel free to ask them!