Hi Tore,

But it does have something very similar, md5-pw and I really don't see why this is not adequate.

Just generate a 64 character hex string put it as a password and boom you have an API key.

My question is, how would having a dedicated API key feature help?

- Cynthia

On Fri, Feb 21, 2020 at 1:08 PM Tore Anderson <tore@fud.no> wrote:

Hello Cynthia,

> I really do not see any benefits or reasons why we should change the API key system for the DB.
> Maybe I am missing something that you can elaborate on.

«An API key system for the DB» does not exist today.

I do not propose to change this non-existent system. I propose to create one.

> Additionally if this was to replace the existing system it would just make it unavailable for non-LIRs (such as orgs with PI resources) without any real reason.

I do not propose to replace any authentication or authorisation method that already exists today.

Tore