At Exotel, we put the customer at the center of everything that we do. We take the privacy and security of your data very seriously and take substantial efforts to protect your data. Our platform is designed to make security an integral part of our software and company.
This is the first blog post of the series Exotel Security.
As a part of our ongoing efforts to improve the security of our information assets, we have provided access control for managing your APIs.
The access control capability will provide the user with an option to minimise the security risk in case the API key is compromised.
This update will have the following capabilities
- Create multiple API keys
- Ability to change your API key without any downtime
- Limit the permissions of the API key
- Limiting the access of the API key from a restricted set of IP address only.
Create multiple API key and token pair
You can create multiple API Key and token from Exotel dashboard.
When you will need this feature
- You have multiple use cases and want to create separate API key and token for each use case
- You want different API keys for production and testing environment
- You have multiple teams and want separate API keys for each team
- You want separate API keys for each member of your team
Regenerate an API token
If you want to change or rotate your API key without any downtime, you can do so now.
We have updated the ‘Regenerate’ feature to ensure that the old API token would be active for 48 hours, thereby giving you the time to replace your old API keys with the new ones.
You can delete this active old API token before expiry using the delete option.
Delete API key and token pair
If you no longer want to use an API key and token pair, you can delete it. You can delete the default API SID and token as well. This will not affect any features in your Exotel dashboard.
Configure permission for an API key
By default, the API keys created by you have access to all Exotel APIs. You can now restrict the permission for the API key to specific APIs.
IP Whitelisting for your API key and token pair
You can now restrict the access to APIs from a specific set of IP addresses by adding the IP addresses in the access restrictions section of the API key. API request coming from any other IP addresses will be denied access.
Viewing and Changing API throttle limit
You can now view the throttle limit of each API in your dashboard. If you want to change the throttle limit of any API, you can submit a request from the “API throttle limit” section or by writing to firstname.lastname@example.org.