Important Changes to Mashape Authorization Keys
In our effort to improve the way keys are handled in Mashape, we have changed the naming and more importantly the way keys are used in Mashape. This is an important change so we recommend that you read on.
This change is immediate and is reflected NOW in your Mashape account (e.g. Dashboard, Mashape keys, test console, client libraries, etc)
After receiving feedback regarding the trouble and complexity of generating an authorization hash from your Mashape private and public keys, we decided to change and improve the way these keys are interpreted and generated. One of the problems that arose from generating a hash is when someone intercepts it. It will compromise your Mashape account in its entirety, leaving all your API access open to anyone who may have intercepted the hash.
To address this problem, we have removed the requirement to generate any hash. Instead there will be two main keys for you to manage:
- Universal key Testing – used for testing and will have access to every API
- Restricted keys Production- used in production, and can be restricted to consume only a specified group of APIs. (In theory, you can create one restricted key for each API).
Both Testing and the Production keys can be re-generated anytime.
Below are the areas in Mashape where you will see the changes:
- Client library (Ruby example below):
- Keystore panel
- Client library download
Where did my Public and Private Mashape keys go?
To ensure a smooth transition, your original Public and Private keys will still work in your applications. We would however recommend that you start using the new Universal and Restricted keys moving forward.
We would love to hear your feedback. Please email us at email@example.com for any comments and suggestions.