3

Updated API Management Tokens | DigitalOcean

 2 years ago
source link: https://www.digitalocean.com/blog/updated-api-tokens-new-management-features
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Today, we are excited to highlight our new API access tokens to boost token management to help improve security and automation. If you’ve recently generated an API access token you’ve likely noticed a few convenient updates.

We recommend you revoke any old tokens and re-generate your existing tokens at your earliest convenience to receive the following benefits.

Secret Scanning GitHub Partnership

We are excited to announce that we partnered with GitHub to take part in their secret scanning program. GitHub regularly scans code repositories they host to identify API tokens and other secrets accidentally committed to public repositories. 

Now, when using the new DigitalOcean API tokens, GitHub is able to notify us so we can take action to protect your account. When an API token has been publicly exposed, we will automatically revoke it and notify you to help you mitigate the impact of the leak.

Distinct Tokens improve Readability and Automation

The new token format has prefixes to easily identify them from other tokens. You can parse your tokens reading or programmatically if you prefer. 

Many use API tokens to trigger DevOps flows or desired events and the new prefixes make automation easier. You can now scan for tokens having the expected prefix.

Tip: there are three patterns of prefixing depending on where a token was generated.

Find Unused tokens with Last Used At

We want to enable you to make better-informed decisions about tokens you revoke. The control panel now displays when a token was last used to access the API. Quickly find and revoke unused tokens without fear of impacting a production service.

Set Expiration Date

Tracking your API tokens can be a pain, and stray tokens left on a server or developer’s machine can pose major security risks.

We now support setting an expiration date when generating personal access tokens in the control panel. Shorter-lived tokens help to ensure they can’t be used in attacks without manually revoking. 

Only newly generated API access tokens will have the new improvements and other upcoming features.

We encourage you to revoke any old tokens no longer in use and re-generate your existing tokens at your earliest convenience.

Happy coding,

Andrew Starr-Bochicchio

Senior Software Engineer II


report

Recommend

  • 10
    • devblogs.microsoft.com 3 years ago
    • Cache

    The updated GetGCMemoryInfo API in .NET 5.0 and how it can help you

    A bit of historyIn .NET 3.0 we introduced a GC.GetGCMemoryInfo API for library code to get memory load related things (this was used in ArrayPool for example) so it exposed

  • 12
    • www.mikechambers.com 3 years ago
    • Cache

    Updated ActionScript 3 RIA API Guide

    Updated ActionScript 3 RIA API Guide Tuesday, November 18, 2008 We have just posted an updated PDF of the Flash Platform ActionScript 3 RIA...

  • 7
    • mauricio.github.io 3 years ago
    • Cache

    Building DigitalOcean's API gateway - Maurício Linhares' ramblings

    Building DigitalOcean's API gateway Microservices all the way TL;DR: this is mostly a text version of a presentation I’ve done a couple times (Englis...

  • 24
    • learnblockchain.cn 3 years ago
    • Cache

    https://api.pancakeswap.info/api/v2/tokens

    token报价相关问题https://api.pancakeswap.info/api/v2/tokens | 登链社区 | 技术问答 5...

  • 6
    • fly.io 3 years ago
    • Cache

    API Tokens: A Tedious Survey

    API Tokens: A Tedious Survey We’re Fly.io. This post isn’t about Fly.io, but you have to hear about us anyways, because my blog, my rules. Our users ship us Docker containers and we transmute them into Firecracker microvms, whic...

  • 6
    • blog.miguelgrinberg.com 2 years ago
    • Cache

    API Authentication with Tokens

    API Authentication with Tokens In this article I'm going to show you a few common patterns for client authentication based on tokens, and ho...

  • 5
    • joonasw.net 2 years ago
    • Cache

    Always check permissions in tokens in an Azure AD protected API

    This is the seventh and final part of a series of blog posts related to Azure AD best practices. They are all related to a talk I gave at Tech Days Finland as well as in the Microsoft Identity Developer Community Office Hours. For the...

  • 10
    • scaleoutsean.github.io 1 year ago
    • Cache

    E-Series SANtricity API with JWT aka Bearer Tokens

    E-Series SANtricity API with JWT aka Bearer Tokens 08 Nov 2022 - 5 minute read Introduction SANtricity 11.74 supports

  • 3
    • gist.github.com 1 year ago
    • Cache

    Twitter API tokens

    Twitter API tokens How to set up a Twitter dev account, register Twitter app and generate Twitter API tokens This guide takes you through setting up a new Twitter account all the way through to generated...

  • 3
    • blog.rust-lang.org 1 year ago
    • Cache

    Improved API tokens for crates.io

    Improved API tokens for crates.io June 23, 2023 · Tobias Bieniek on behalf of the crates.io team

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK