Can a client account see and modify API Keys which were not created by this client account?

Hi Experts,
I generated a few API Keys (Applications) for testing the ShareFile API by using an employee account, and it is working as expected. Now I am using a client account to register a new application; I did not expect to see all the applications created by my employee account. But it looks like my client account is able to see all the API Keys and maintain (update and delete) those API Keys which were not generated by my client account. Is there any way to prevent a client account from modifying the API Keys generated by employee accounts?
Chinwei

Posted 2 years ago

Eliezer Encarnacion, Software Engineer

Chinwei,

Thank you for bringing this to our attention. This is indeed a bug that should not be happening. In fact, not just any Employee user should be able to create API Keys; only users with a certain Admin permission should be able to create and manage Keys. I'm going to open a ticket to have this resolved immediately.

Thanks!
Eli
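
The access rule stated in the reply above, sketched as a server-side check (an added example, not part of the thread and not ShareFile's code). The permission name `manage_api_keys`, the role names and every function name are hypothetical; the sample keys are constructed.

```python
from dataclasses import dataclass

# Hypothetical model for illustration only; none of these names come from ShareFile.
@dataclass(frozen=True)
class User:
    name: str
    role: str                          # "client" or "employee"
    permissions: frozenset = frozenset()

@dataclass
class ApiKey:
    key_id: str
    created_by: str
    label: str

def can_manage_keys(user: User) -> bool:
    # Deny by default: being logged in, or being an employee, is not enough.
    return "manage_api_keys" in user.permissions

def _require(user: User) -> None:
    if not can_manage_keys(user):
        raise PermissionError(f"{user.name} may not manage API keys")

def list_keys(user: User, store: dict) -> list:
    # The reported bug is what happens when this check is missing:
    # every caller gets every key back.
    if not can_manage_keys(user):
        return []
    return sorted(store.values(), key=lambda k: k.key_id)

def create_key(user: User, store: dict, key_id: str, label: str) -> ApiKey:
    _require(user)
    store[key_id] = ApiKey(key_id, user.name, label)
    return store[key_id]

def update_key(user: User, store: dict, key_id: str, label: str) -> None:
    _require(user)                     # checked on every write, not only in the UI
    store[key_id].label = label

def delete_key(user: User, store: dict, key_id: str) -> None:
    _require(user)
    del store[key_id]

def demo_store() -> dict:
    # Constructed sample data: two keys created by an admin employee.
    return {
        "k1": ApiKey("k1", "emp_admin", "test app 1"),
        "k2": ApiKey("k2", "emp_admin", "test app 2"),
    }
```
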
Chris

Can you please inform us when this is fixed? I noticed this as well and was very confused/concerned when I logged in as a client and was exposed to all the keys.
Chinwei

Hi Chris,
This bug was fixed a few hours after Eli replied to the question.