Automatic loading at Data Library from API keys
See original GitHub issueUse case:
- Let’s assume that there’s a “data-provider-company” CARTO user account, managed by us, with several datasets for paid customers.
- “alice”, a customer, gets in touch with us and buys 3 of those datasets.
- A bizops person opens that account and creates a “user:alice:…” api key for that user with read access to the datasets that the customer paid.
- When the user goes to the Dashboard, the paid datasets are at the Data Library.
- When the contract ends, the API key gets renewed, so the user can’t import it anymore.
Implementation details:
- API key pattern. It must be index-friendly, unambiguous and informative. In addition, as normal keys can’t be edited, keep in mind that one user might have several of them.
- It’d be great if the pattern for read only datasets couldn’t be used to grant write access, making human failure harder.
- Creating this key should trigger a regeneration of target user Data Library (maybe in a lazy way, marking it as “to regenerate in the next load”).
- This needs a
premium_datasets_users
table that contains the usernames of those accounts with premium data. That way, at step 4, after adding all “common-data” datasets, system will look for api keys for current user at those accounts. - Nice to have / Must have: on API key renewal or removal, the Data Library entry should dissappear (same behaviour than #13667).
This will be tackled after implementing the basics (#13666, #13667), but it’s a nice approach from a management point of view.
cc @javitonino @ethervoid @antoniocarlon let me know any additional suggestion or things that should be taken into account. In addition, I’d like to come up with a design that doesn’t couple API key management to Data Library management.
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (6 by maintainers)
Top Results From Across the Web
Authenticate using API keys - Google Cloud
Document processing and data capture automated at scale. ... Authenticate using client libraries · Authenticate using REST · Authenticate using API keys.
Read more >Use API Keys with Maps Static API - Google Developers
Go to the Google Maps Platform > Credentials page. Go to the Credentials page · On the Credentials page, click Create credentials >...
Read more >API Keys - Seq Documentation
API keys are listed, and created, in the Data > Ingestion screen within Seq. 2560. Selecting Add API key will request a name...
Read more >Best practice for storing and protecting private API keys in ...
Solution: We can use NDK to Secure API Keys. We can store keys in the native C/C++ class and access them in our...
Read more >Learn about using and managing API keys for Firebase - Google
You can also find which API key is automatically matched to a Firebase App in the following places. By default, all of your...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I’ve just read this, sorry 🙏
I like the idea to auto-discover premium datasets, it’ll great for the biz operations people.
The search capability sounds great indeed!
And as all said, I prefer to use a table for multiple reasons:
app_config.yml
we have to reboot the servers to load the new configurationThat said, great feature 😃
After rereading this some weeks later, I think that coupling Auth API to Data Library is a mistake, because as you’ve seen there are some issues, from autodiscovery at user level to multi cloud environments. Instead, building on top of it is better and simpler.
New proposal: a new rake similar to
cartodb:remotes:load_in_data_library
but receiving an API key token instead of a source dataset. That rake will load all granted datasets into user account:As we get a few requests to do this, we can create an endpoint and add this to superadmin.
This push approach makes updating trivial, and doesn’t add the harm of polling api keys in every common data update.