[ARIN-consult] NOW CLOSED – Consultation on API Key Handling

[ARIN]

>From 8 August to 23 August, ARIN held a Consultation (https://www.arin.net/participate/community/acsp/consultations/2024/2024-3/) seeking feedback from the community on a potential improvement to increase the security for Application Programming Interface (API) key handling, specifically allowing the option to pass API keys in the header of a Restful Payload, and to use IP address range bounding to limit the validity of an API key. The benefit of this potential improvement is that it would give users options to make their API keys more secure and bring ARIN in line with best practices for API key handling.  

After reviewing and discussing the comments received during the consultation, ARIN plans to add the option to pass the API key in the header of a RESTful payload. We will also investigate and scope the work needed to allow for IP address range bounding, noting that this feature should be available under Organization management tools to be managed by Admin or Tech Contacts. Both improvements will be queued for inclusion in the development roadmap.  

ARIN thanks those who provided valuable feedback on this consultation. We rely on this input from our members and community to help steer the organization as we continue our mission in support of the operation and growth of the Internet. 

Regards, 

John Curran 
President and CEO 
American Registry for Internet Numbers (ARIN)