[arin-tech-discuss] Another option for API and email?

[Delacruz, Anthony B]

I use old school emails and API key on some of my submissions as not all of our ranges are covered by the restful tool we have, internal politics, databases and the such. I have other teams that need to do some updates and considering let them email as well to distribute more work. I don't want to just give them an api key that seems like once you have the api key then anything is up for grabs and it could be easily shared. I don't want to make these lower level staff related POC that has caused too much trouble in the past by their lack of understanding to even allow them an arin online account. The option to associate it comes with all these warnings of doom and gloom inside the arin online, though that seems like it adds a measure of security? Now at least only that email can send in request where if anyone has an api key it doesn't matter what email it comes from they can make changes. Could/should there be an option where both the API key and email must match and both be submitted for the request to be processed? Would that tighten up security? Are there other suggestions as to how to distribute some change ability buy still have measured control? I've spent months cleaning up bad records where former staff did completely bad and wrong entries and don't want to again.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20170127/de2d4cbb/attachment.html>