Howto: Restrict API Key to specific webhooks

By default, an API Key can be used for any action or webhook.

This is because it has the privileges of the admin user that created it.

But you can associate an API key with a user, by using `st2 apikey create -u <user>`. Then set up a role with limited access, and map that user to that role.

The role should look something like:

    ---
    name: "webhook"
    description: "Send permission to one specific webhook"
    enabled: true
    permission_grants:
        -
            resource_uid: "webhook:<name>"
            permission_types:
                - "webhook_send"

See this Github Issue for more information and examples.

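The whole procedure above as a script. This is an added example, not part of the original post or StackStorm's own tooling. The function name `write_webhook_rbac`, the user `hookbot`, the webhook `sample`, the `webhook_<name>` role naming and the restriction on allowed characters are assumptions; `/opt/stackstorm/rbac` is assumed to be the RBAC definitions directory of a default package install.

```shell
#!/bin/sh
# write_webhook_rbac RBAC_DIR USER WEBHOOK   (hypothetical helper)
# Writes a role that grants webhook_send on one webhook, plus the
# assignment file that maps USER to that role, under RBAC_DIR.
write_webhook_rbac() {
    rbac_dir=$1 user=$2 hook=$3
    # Refuse names that could escape the quoted YAML string or the target
    # directory (assumption: plain names without slashes are enough here).
    for v in "$user" "$hook"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "invalid name: $v" >&2; return 1 ;;
        esac
    done
    role="webhook_${hook}"
    mkdir -p "$rbac_dir/roles" "$rbac_dir/assignments" || return 1
    # Role definition: same shape as the role shown in the post.
    cat > "$rbac_dir/roles/${role}.yaml" <<EOF
---
name: "${role}"
description: "Send permission to webhook ${hook} only"
enabled: true
permission_grants:
    -
        resource_uid: "webhook:${hook}"
        permission_types:
            - "webhook_send"
EOF
    # Role assignment: maps the service user to that single role.
    cat > "$rbac_dir/assignments/${user}.yaml" <<EOF
---
username: "${user}"
roles:
    - "${role}"
EOF
}

# Usage on the StackStorm host (RBAC must be enabled in st2.conf):
#   sh this_script.sh /opt/stackstorm/rbac hookbot sample
#   st2-apply-rbac-definitions      # load roles and assignments
#   st2 apikey create -u hookbot    # key inherits only hookbot's role
if [ "$#" -eq 3 ]; then
    write_webhook_rbac "$@"
fi
```

Give the service user no other roles, otherwise the API key inherits those permissions as well.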