API keys are not required to manage your domains. A domain can be associated with a single key or left unpaired and unrestricted.
API-Key Domain Association management is available inside of your Host Console.
Figure 1 - API-Key Management under Settings > Account > API Keys
Figure 2 - Create API Key dialog
The MailChannels Inbound Management API allows you to associate a group of domain names with a specific API key, rather than using a single API key to manage all of your domains. Segregating domain name management across a set of API keys improves security by reducing the attack surface, should one of your API keys become compromised.
Example: A unique API key can be associated with the domains that are managed by each shared hosting server. If the server is compromised leading to a disclosure of the key, then only the configuration of those domains is at risk. The other shared hosting servers and their domains are not at risk.
How it works
- Each domain can optionally be associated with a specific API key, which we will call the "associated key."
- When a domain has an associated key, that domain will not show up in listing requests made by other API keys, and that domain cannot be edited or removed by any but the associated key.
- A domain that does not have an associated key can be listed, edited, and removed by any of your API keys. We call these domains "unassociated domains." Thus, if you are using associated keys with any of your domains, it is important to consider using associated keys with all of your domains to achieve the security isolation you require.
- When a new domain is provisioned using our Inbound API, an additional parameter can be passed to associated it with an API key.
- When an API key is deleted, all associations to that key are removed and those domains become unassociated domains.
- Domains provisioned through our WHM plugin directly are not associated with a key and need to be managed from your Host Console. A new version of the WHM plugin with key association is coming soon.
WHM/cPanel Plugin
Our WHM plugin is a client of the inbound API, and these same restrictions by key apply within the plugin as well. You can choose which key gets used by any instance of the plugin. Use caution when changing API key associations as this may result in domains disappearing if they are no longer being managed by the plugin.
Comments
Article is closed for comments.