RBAC on the NMM API

I was recently exploring the thought of using the NMM API to read cost estimate data into an internal solution, and while I can make it do what I want it to do, I realized that it does not appear as though there is any RBAC on the API, is there? Maybe I'm missing something from back when I first generated credentials - but I would prefer not to give a reporting solution full access to manage customers via the API.

 


Comments (3 comments)

Dave Stephenson

Great point, John!

Right now, you're only able to add a single API account (see Nerdio Manager Partner API - Getting Started – Nerdio Help Center), which can be nice if you're wanting to perform CRUD (Create, Read, Update, Delete) tasks, but if you're just wanting to do report-only tasks, it's best practice to only give access to what's needed.

Out of curiosity, how many different API access accounts are you thinking you need/want?
* Read-only
* Create/Update-only
* Delete-only
 

John Tokash

Dave Stephenson - My current use cases are largely reporting-centric, but there is interest within my org to consider some automation as part of deployment (using the API) to help enforce standards. So the breakdown above would absolutely make sense, but my preference would be to enable creating one or more API accounts with an association to the roles (standard or customized) available to NMM. This keeps access control centralized, and the NMM API Account directly associated.

Dave Stephenson

Makes complete sense to me.
Hopefully this can make more traction with other MSPs too.
