API Writes now Need an API Key
You now need to use an API key if you want to update PeeringDB using the API. PeeringDB will continue to support HTTP Basic Authentication (HBA) for queries with the existing API, but transitioning to an API key is strongly recommended for users and organizations who have not already done so, since it is a more secure operational practice.
We encourage all users to enable Multi-Factor Authentication (MFA) and to use it when accessing our website from a browser. We encourage anyone who wants to use our API to do so using API keys.
We made this change because there is no way to perform MFA with HBA. Removing the ability to update PeeringDB via the API without API keys conforms to security best practices.
We support both user and organizational API keys. We have a HOWTO about creating API keys and using them.
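An added example, not PeeringDB's own code, of a client-side guard for the policy above: it attaches an API key when one is supplied and refuses to build a write request that carries only HTTP Basic credentials. The base URL, the `Authorization: Api-Key` header scheme, the `PEERINGDB_API_KEY` variable name and the function names are assumptions; confirm the header format against the HOWTO.

```python
import base64
import json
import os
import urllib.request

API_BASE = "https://www.peeringdb.com/api"  # assumed base URL, not stated on the page
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def build_request(method, path, body=None, api_key=None, basic=None):
    """Return an unsent Request; writes need api_key, reads may use basic=(user, pw)."""
    method = method.upper()
    headers = {"Accept": "application/json"}
    if api_key:
        # Assumed header scheme; confirm it against the API key HOWTO.
        headers["Authorization"] = "Api-Key " + api_key
    elif method in WRITE_METHODS:
        # Fail locally rather than send a password the server will refuse for writes.
        raise PermissionError(method + " requires an API key")
    elif basic:
        token = base64.b64encode(":".join(basic).encode()).decode()
        headers["Authorization"] = "Basic " + token
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    url = API_BASE + "/" + path.lstrip("/")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def key_from_env(var="PEERINGDB_API_KEY"):
    """Read the key from the environment so it stays out of source control."""
    key = os.environ.get(var, "").strip()
    if not key:
        raise RuntimeError(var + " is not set")
    return key


if __name__ == "__main__":
    # Constructed sample values; the request is built but never sent.
    req = build_request("PUT", "net/1", {"name": "Example Net"}, api_key="constructed-key")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
```

Pass the returned object to `urllib.request.urlopen` to send it; keeping the key in an environment variable or secret store makes it easy to rotate without touching code.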
We have also introduced some organizational policy features this month. Organizations can now require users:
- To enable MFA
- To have an email address from a specific domain
- To revalidate their account on a schedule set by the organization
We made this change because of an internal security analysis. We accept security reports to firstname.lastname@example.org. We have published a HOWTO for making security reports.
If you have questions about PeeringDB security, please write to email@example.com. If you need help configuring API keys, please write to firstname.lastname@example.org.