You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We now have an API for remote creation of Discourse accounts on our SSO provider site (docs). It uses a shared secret called auth_key to control access, which is basically another type of API key, only for this API endpoint.
At some time, we want this mechanism to provide more granular access to this API endpoint than just "yes" or "no". There would be multiple auth_keys in parallel, and they would differ as follows:
Description. Just a note in the configuration file to remind the admin which client uses this key. Allows to delete the right key in case of spam issues :-)
Site access. A list of Discourse Communities sites on which accounts can be created using this auth_key.
Expiration date. Allows to limit auth_key validity to, for example, the period of a social media campaign where it is used.
Max. spam user count. Will expire the auth_key when more than the given number of spam users have been created with it.
Max. spam user percentage. As above, but using a percentage rather than an absolute number. Will only be evaluated from a certain number of accounts created with this key (say, 30).
The text was updated successfully, but these errors were encountered:
We now have an API for remote creation of Discourse accounts on our SSO provider site (docs). It uses a shared secret called
auth_key
to control access, which is basically another type of API key, only for this API endpoint.At some time, we want this mechanism to provide more granular access to this API endpoint than just "yes" or "no". There would be multiple
auth_key
s in parallel, and they would differ as follows:Description. Just a note in the configuration file to remind the admin which client uses this key. Allows to delete the right key in case of spam issues :-)
Site access. A list of Discourse Communities sites on which accounts can be created using this
auth_key
.Expiration date. Allows to limit
auth_key
validity to, for example, the period of a social media campaign where it is used.Max. spam user count. Will expire the
auth_key
when more than the given number of spam users have been created with it.Max. spam user percentage. As above, but using a percentage rather than an absolute number. Will only be evaluated from a certain number of accounts created with this key (say, 30).
The text was updated successfully, but these errors were encountered: