Consultation on API Key Handling
Posted: Thursday, 08 August 2024
ACSP/Surveys
ARIN is seeking feedback from the community on a potential improvement to increase the security for Application Programming Interface (API) key handling, specifically allowing the option to pass API keys in the header of a Restful Payload, and to use IP address range bounding to limit the validity of an API key. The benefit of this potential improvement is that it would give users options to make their API keys more secure and bring ARIN in line with best practices for API key handling.
ARIN’s RESTful Provisioning system leverages modern application interfaces and provides even stronger authentication. RESTful calls require the use of an API key. Since the development of these systems, best practices have evolved to make them more secure. When the API key is included in the payload, it is encrypted which increases the security of these programmatic transactions with ARIN systems. The current system relies on the security of the connection between the networks that transport these plain text API keys. How urgent is the need for ARIN to bring its API key handling in line with the current best practices?
By adding functionality to allow the API keys to be shared as a header parameter, ARIN would create an option for customers who prefer to encrypt their API keys. By further allowing customers to set IP address boundaries for an API key’s usage, they can better control how their API keys are used.
We are seeking community input on the priority for updating the methods for the handling of API keys in ARIN’s RESTful provisioning system.
Please provide comments to arin-consult@arin.net. You can subscribe to this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult.
This consultation will remain open until 5:00 PM ET on 23 August. ARIN seeks clear direction through community input, so your feedback is important.
Thank you for your continued support to improve ARIN’s services.
Regards,
John Curran
President and CEO
American Registry for Internet Numbers (ARIN)
Recent Announcements
- NOW CLOSED – Consultation on ARIN Online Change Notifications
- ARIN to Host Virtual Candidate Forum for 2024 Board of Trustees Election
- ARIN Registration Services Plan (RSP) Fee Schedule Change - Effective 1 January 2025
- The 2024 Slate of Candidates for ARIN Elections
- Reminder of Upcoming Deadline for ARIN’s Multifactor Authentication (MFA) Enforcement for ARIN Online
- Congratulations to the 2024 ARIN Community Grant Recipients
- NOW CLOSED – Consultation on API Key Handling
- Congratulations to the ARIN 54 Selected Fellows
- Deadline Approaching — Make Sure Your Organization Is Eligible to Vote in ARIN’s Upcoming Elections!
- NRPM 2024.1 - New Policies Implemented
- » View Archive