/plushcap/analysis/launchdarkly/launched-personal-access-tokens

Launched: Personal Access Tokens

What's this blog post about?

LaunchDarkly has introduced personal API access tokens to enhance security and accountability for users of their platform's API. Previously, there was only one token per organization, which could be problematic for larger teams or those with varying use cases. Personal access tokens allow each user to create their own tokens with scoped permissions, making it easier to manage different levels of access. Additionally, built-in and custom roles can be assigned to these tokens, extending the same role-based controls from the web application to API access. LaunchDarkly recommends users migrate to personal access tokens for improved security and advises creating a new token for each use case with minimal permissions necessary. This feature also enables better accountability through audit logs that track actions based on who created the tokens, ensuring visibility into user activities.

Company
LaunchDarkly

Date published
Nov. 30, 2017

Author(s)
Kim Harrison

Word count
426

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.