New Token Scoping Interface

Hi all,

We’ve deployed a new interface that allows configuring API tokens with higher granularity, on the per-RRset level. This allows, for example, to set up tokens that can’t manipulate any DNS records except for ACME challenges.

The new interface is described here: Manage Tokens — deSEC DNS API documentation

Old tokens, including their configuration, remain valid. In particular:

  • If you used the previous version (“domain scoping” instead of RRset scoping), these tokens now have subname and type attributes added for equivalent meaning.
  • If you used policies with the perm_dyndns permission for dynDNS write access configuration, these have been replaced by two policies with the perm_write permission (one for A and one for AAAA record type). Everything should continue to work as before.

If you have any questions about using the new interface, feel free to ask them!

Stay secure,