Explanations
How to guides
Tutorials
Reference
Home
Dashboard
Explanations
How to guides
Tutorials
Reference
Home
Dashboard

Understanding API Keys in Vidos

API keys in Vidos provide secure, managed access to both management and service functionality. They represent the core authentication mechanism that enables controlled interaction with Vidos resources while enforcing your security policies and permission boundaries.

What are API Keys?

An API key is a secure credential that identifies and authenticates requests to Vidos services. Each API key serves as a unique identity within the Vidos ecosystem, carrying specific permissions through attached policies and enabling fine-grained access control for your resources.

API keys represent the bridge between your applications and Vidos functionality, allowing for secure programmatic access while maintaining clear security boundaries.

Design Rationale

The API key system in Vidos addresses several crucial security and operational needs:

Security Model

Vidos implements API keys using a two-part credential system:

  • A public identifier (key ID) that can be safely included in requests
  • A private secret that proves authenticity and must be protected

This separation follows established security patterns:

  • The key ID enables tracking, management, and revocation
  • The key secret provides cryptographic proof of identity
  • The separation enables security practices like key rotation

Separation of Concerns

API keys in Vidos are designed to enforce clear operational boundaries:

  • Keys can be limited to specific scopes (management or service)
  • Permissions are explicitly granted through policy attachment
  • Different keys can be created for different operational needs
  • Keys naturally support the principle of least privilege

Operational Flexibility

The API key system balances security with operational needs:

  • Keys can be easily created, updated, and deleted
  • Permissions can be adjusted without changing the key itself
  • Multiple keys can exist simultaneously for different purposes
  • Keys can be scoped to specific regions or instances

How API Keys Work

API keys in Vidos operate through a combination of identification, authentication, and authorization:

Identity Foundation

Each API key serves as a distinct identity within Vidos:

  • Keys have unique identifiers
  • Keys maintain their own permission sets
  • Keys can be individually managed and monitored
  • Keys exist within your account boundary

Authentication Mechanism

When presented to Vidos services, API keys:

  • Validate the authenticity of requests
  • Establish the identity making the request
  • Determine which permissions apply
  • Create an audit trail of operations

Authorization Framework

API keys integrate with the broader authorization system:

  • Keys derive permissions from attached policies
  • Policies determine allowed operations
  • Authorization decisions follow policy evaluation rules
  • Both implicit and explicit denials are enforced

Integration with Other Concepts

API keys work in concert with several other fundamental Vidos concepts:

Relation to IAM Policies

API keys and IAM policy documents form a powerful combination:

  • Keys act as the identity that policies are evaluated against
  • Policies define the boundaries of what keys can do
  • The combination creates a flexible, secure access model
  • Policy changes take effect immediately for existing keys

Relation to IAM Scopes

API keys operate within the IAM scopes framework:

  • Keys can be granted management scope permissions
  • Keys can be granted service scope permissions
  • Scope separation ensures appropriate access boundaries
  • The scope model guides key distribution and security practices

Relation to Instances

Keys establish access patterns for Vidos service instances:

  • Management scope keys can create and configure instances
  • Service scope keys interact with specific instances
  • Keys bridge your applications to Vidos functionality
  • Instance-specific permissions can be enforced through policies

Best Practices

When working with API keys in Vidos:

Follow Secure Distribution

  • Treat key secrets as sensitive credentials
  • Implement secure storage for key secrets
  • Never expose secrets in client-side code or repositories
  • Establish secure methods for key distribution

Implement Key Separation

  • Create separate keys for different applications or purposes
  • Use different keys for management and service access
  • Avoid using a single key across multiple systems
  • Consider environment separation (development, testing, production)

Adopt Lifecycle Management

  • Establish procedures for key creation, distribution, and rotation
  • Implement regular key rotation schedules
  • Create procedures for emergency key revocation
  • Document key ownership and purpose

Design for Least Privilege

  • Grant only necessary permissions to each key
  • Start with minimal access and expand as needed
  • Regularly review key permissions
  • Remove unused or unnecessary keys

By understanding and effectively utilizing API keys, you create a secure foundation for accessing Vidos services while maintaining clear security boundaries and operational control.

ON THIS PAGE