Let’s look at an example app for allowing your users to manage domains.

As part of the API, your users will be able to perform CRUD operations against domains or individual dns records.

1

Creating permissions

Users of our app can have the following permissions:

  • domain.delete_domain
  • domain.dns.create_record
  • domain.dns.read_record
  • domain.dns.update_record
  • domain.dns.delete_record
  • domain.create_domain
  • domain.read_domain
  • domain.update_domain

Create them in your dashboard.

2

Creating roles

And we define the following roles:

  • admin: An admin can do everything
  • dns.manager: Can create, read, update and delete dns records but not access the domain itself
  • read-only: Can read domain or dns record information.

Create them in your dashboard too.

3

Connecting

For each role, we need to connect the permissions it should have. Go to /app/authorization/roles and click on the role to go to the permissions screen.

4

Create a key

Now that we have permissions and roles in place, we can connect them to keys.

  1. In the sidebar, click on one of your APIs
  2. Then click on Keys in the tabs
  3. Select one of your existing keys by clicking on it
  4. Go to the Permissions tab

You should now be on /app/keys/key_auth_???/key_???/permissions

You can connect a role to your key by clicking on the checkbox in the graph.

Let’s give this key the dns.manager and read-only roles.

As you can see, now the key is connected to the following permissions: domain.dns.create_record, domain.dns.read_record, domain.dns.update_record, domain.dns.delete_record, domain.create_domain, domain.read_domain

5

Verifying Permissions

Now you can verify this key and perform permission checks. Read more