If you have been following the Castfire status blog then you have recently seen several updates involving backend changes for the Castfire API. I want to share with you how those changes will manifest for Castfire clients.
There are six upcoming API key enhancements that fall into two general categories.
- Unlimited API keys
- API key names
- Ability to change an API secret
- Ability to delete an API key
- Limit access to specific API methods
- Limit the access to specific content producers
API key management
API keys will be decoupled from a user login allowing for a network to create unlimited API keys. Separate API keys can be created and assigned to a specific task or third-party. For example, if you are working with a digital agency like Digitaria, an API key can be created and shared with just them.
The API key can also be given a name, such as “Digitaria” and if needed the API secret can be changed or the API key can be deleted easily in the Castfire CMS.
API key access restrictions
Keeping third-party integrations in mind, API keys can be restricted to one or more API methods. For example, if Digitaria only needs details about existing shows, the API key can be limited to the shows.getDetail API method. If later on, the ability to set show tags is required then access to shows.setTags can easily be added in the Castfire CMS.
Restrictions also encompass content producers, allowing for API keys to be restricted to one or more. For example, if Digitaria wants the ability to set foreign keys on all shows in the “News” content producer, an API key can be created that only has access to this content producer and the only the shows.setDetail API method
These upcoming API key enhancements will make API key management easier, give control over access restrictions and allow for more flexibility when integrating Castfire with third-party vendors.