Zuplo reposted this
Your API is NOT enterprise-ready if you don't have Subaccounts - let me explain...

If your API is designed to be used throughout an organization (ex. an email/sms API) a simple user management dashboard isn't going to cut it. Most companies don't want to dedicate an admin to manage access to the API, invite users, set up their permissions, etc. - they just want teammates to be able to invite each other and it just works.

Likewise, there shouldn't need to be an admin or internal system in place to track API usage by department/team and manage internal accounting - the API should be able to report these breakdowns for them.

And don't get me started on security. If an API key gets leaked - migrating an enterprise to a new key is a whole project in itself - who knows all the places it could be hiding. Each team should be issued a key that they can manage and roll.

So what's the solution? Massive APIs like Twilio, Vonage, Sinch, Mailgun, and more allow you to create Subaccounts with Subaccount API Keys (Subkeys), which belong to individual departments/teams - reporting individual metrics and providing tailored access to the API. The best part is that when they are compromised - the process of rolling the key is localized to that team - just like a virtual credit card.

To learn more about this pattern and how to build it into your API - check my blog
Really interesting, thank you
All of this is highly worth it – enterprise is where the dollars are! Great article, Adrian
Staff Software Engineer at Zuplo
4 months ago
Subaccounts explained: https://zuplo.com/blog/2024/11/12/what-are-subaccount-api-keys