ACSP Suggestion 2017.22: Disable OT&E API keys (RegRWS) in Production Systems

Suggestion

Author: Alexander Stranzky   
Submitted On: 20 November 2017

Description:

Disable OT&E API keys (RegRWS) on the production database.

When testing an application, it’s important to have a test system separate from the production system. With OT&E, it’s possible to do that. However, the OT&E API keys are also valid keys for the production database. So, to get a better separation of production and test systems I propose that an OT&E API key is not allowed to work on the production system and vice versa. This makes sure that you cannot incidentally switch to the other system simply by making a mistake in the URL selection.

Value to Community: Separating the scope of the production and test API keys guarantees that production data are not affected even when an error in an API test run occurs that would affect the production data.

Timeframe: Not specified

Status: Closed   Updated: 28 September 2020

Tracking Information

ARIN Comment

15 December 2017

Thank you for your suggestion, numbered 2017.22 upon confirmed receipt, requesting ARIN disable OT&E API keys (RegRWS) on the production database.

We agree that disabling OT&E API keys on the production system could prevent accidental usage across systems and we will work to implement your suggestion. Our development schedule for the 2018 year is currently filled by previously-submitted community suggestions and other system improvements. We will review that schedule for changes and new additions early next year, and at that time will consider if scheduling for this suggestion may be moved up.

Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until fully implemented.

ARIN Comment

10 April 2018

This suggestion is not on the 2018 Work Plan and will be considered as part of the Community Consultation on Open ACSPs in April 2018. This consultation will serve as one of the inputs to help determine which suggestions will be included ARIN’s 2019 Work Plan.

ARIN Comment

28 September 2020

Thank you for your suggestion, numbered 2017.22 upon confirmed receipt, requesting ARIN disable OT&E API keys (RegRWS) on the production database.

We have improved our documentation about API keys on our Operational Test and Evaluation Environment (OT&E) page (found at https://www.arin.net/reference/tools/testing/) to include clear instructions about how to create and maintain separate API keys for use in OT&E. This provides organizations the option to maintain different API keys if they wish to do so without impacting those organizations that wish to use the same key for both OT&E and production.

Because this option is now clearly documented, we are closing your suggestion. Thank you for your participation in the ARIN Consultation and Suggestion Process.