Coming Soon: Access Control For Exotel APIs

Coming Soon: Access Control For Exotel APIs

admin

At Exotel, we put the customer at the center of everything that we do. We take the privacy and security of your data very seriously and take substantial efforts to protect your data. Our platform is designed to make security an integral part of our software and company.

This is the first blog post of the series Exotel Security.

As a part of our ongoing efforts to improve the security of our information assets, we have provided access control options for managing your APIs.

The access control capability will provide the user with an option to minimise the security risk in case the API key is compromised.

This update will have the following capabilities

  • Control with respect to sharing the production API key with team members
  • Ability to change your API key without facing any downtime
  • Limiting the permissions of the the API key
  • Limiting the access to the API key from a restricted set of IP address only.

Capabilities of this feature

Create multiple API key and token pair

You can create multiple API Key and token from Exotel dashboard.

When is this feature useful?

  • When you have multiple use cases and want to create separate API key and token for each use case
  • When you want to limit the access to the production API keys to a limited set of users
  • When you have multiple teams and want separate API keys for each team
  • When you want separate API keys for each member of your team

Regenerate an API token

If you want to change or rotate your API key without any downtime, you can do so now.

We have updated the ‘Regenerate’ feature to ensure that the old API token would be active for 48 hours, thereby giving you the time to replace your old API keys with the new ones.

You can delete this active old API token before expiry using the delete option.

When is this feature useful?

  • When you want to rotate your API token periodically
  • When your API token is compromised, and you want to change the API token to minimise the risk of misuse
  • When a team member who is aware of the API key leaves your team and you want to avoid any misuse

Delete API keys and token pair

If you no longer want to use an API key and token pair, you can delete it. You can delete the default API SID and token as well. This will not affect any features in your Exotel dashboard.

When is this feature useful?

  • If you have created an API key for a specific team or a team member and that API key is no longer required, you can delete the API key
  • When you want to stop access to the APIs using an API key, you can delete the API key pair
  • When the API key created is no longer required, you can delete the API key.

Configure permission for an API key

By default, the API keys created by you have access to all APIs of Exotel. You can now restrict the permission for the API key to specific APIs.

When is this feature useful?

  • When you want you minimise the risk of unauthorised access to APIs
  • When you want your application/team member to access only a specific set of APIs

IP Whitelisting for your API key and token pair

You can now restrict the access to APIs from a specific set of IP addresses by adding the IP addresses in the access restrictions section of the API key. API request coming from any other IP addresses will be denied access.

When is this feature useful?

  • When you want to limit the access of APIs only from specific IP address – Production machines, office network etc.to minimise the risk of misuse
  • If you identify that your API key is misused by a malicious user outside your network and you want to stop them from misusing your API key

Viewing and Changing API throttle limit

You can now view the throttle limit of each API in your dashboard. If you want to change the throttle limit of any API, you can submit a request from the “API throttle limit” section or by writing to hello@exotel.in.

 

 

E-book: Guide to set up a simple cloud call center

We discuss factors like cost, business requirements and time to set up a simple call center


admin

No Comments

Leave a Comment

Your email address will not be published.

client-img

Blog

Your Business Communication on Autopilot with Auto Attendant Phone System

In a time filled with networking complexities, finding seamless and effective communication solutions has indeed…

Guest
client-img

Engineering-Blog

Coming Soon: Access Control For Exotel APIs

At Exotel, we put the customer at the center of everything that we do. We…

admin
client-img

Blog

Product-Blog

Using Cloud Telephony to Build a Better Customer Experience in the Real Estate Industry

Real estate is a vertical that has not witnessed the penetration of technology the way…

Swathi

Try Exotel free for 15 days

Get ₹ 1000 worth free call & SMS credits