Help Center

Using multiple API keys to manage inbound filtering domains more securely

API keys are not required to manage your domains. A domain can be associated with a single key or left unpaired and unrestricted.
 
API-Key Domain Association management is available inside of your Host Console.
 Figure 1 - API-Key Management under Settings > Account > API Keysapi-key_add-domains.png
Figure 2 - Create API Key dialog
api-key_description.png 
 
The MailChannels Inbound Management API allows you to associate a group of domain names with a specific API key, rather than using a single API key to manage all of your domains. Segregating domain name management across a set of API keys improves security by reducing the attack surface, should one of your API keys become compromised.
 
Example: A unique API key can be associated with the domains that are managed by each shared hosting server. If the server is compromised leading to a disclosure of the key, then only the configuration of those domains is at risk. The other shared hosting servers and their domains are not at risk.
 

How it works

  • Each domain can optionally be associated with a specific API key, which we will call the "associated key."
  • When a domain has an associated key, that domain will not show up in listing requests made by other API keys, and that domain cannot be edited or removed by any but the associated key.
  • A domain that does not have an associated key can be listed, edited, and removed by any of your API keys. We call these domains "unassociated domains." Thus, if you are using associated keys with any of your domains, it is important to consider using associated keys with all of your domains to achieve the security isolation you require.
  • When a new domain is provisioned using our Inbound API, an additional parameter can be passed to associated it with an API key.
  • When an API key is deleted, all associations to that key are removed and those domains become unassociated domains.
  • Domains provisioned through our WHM plugin directly are not associated with a key and need to be managed from your Host Console. A new version of the WHM plugin with key association is coming soon.
 

WHM/cPanel Plugin

Our WHM plugin is a client of the inbound API, and these same restrictions by key apply within the plugin as well. You can choose which key gets used by any instance of the plugin. Use caution when  changing API key associations as this may result in domains disappearing if they are no longer being managed by the plugin.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Article is closed for comments.