Introducing EMS Trading API  EMS Trading API

- Unlimited trading accounts in just one place.

API Key Permissions

API key permissions are security settings that control what actions an API key can perform when accessing a service or platform, typically defining whether the key can read data, make trades, withdraw funds, or modify account settings.

API Key Permissions - Definition

API Key Permissions define the specific access levels and capabilities of an API key. They control which parts of an application's functionality or data the key can interact with.

When creating an API key, administrators assign specific scopes or permissions limiting access to certain endpoints and functionalities.

Levels of Access

When assigning permissions to an API key, administrators can select from various access levels:

  • No Access: Restricts the API key from accessing any endpoints within the selected permission scope.
  • Read Access: Grants the API key the ability to perform GET requests, allowing it to retrieve data without modifying it.
  • Full Access: Enables the API key to execute GET, PATCH, PUT, DELETE, and POST requests, providing comprehensive control over the designated scope.

Role-Based Access Control

Admin Role

  • Create, generate, and deactivate API keys.
  • Manage permissions for each API key to ensure data security.
  • Add subscriptions and edit billing information.
  • Manage users and have full access to Customer Portal administrative functions.

User Role

  • Log in to the Customer Portal.
  • View account usage and track metrics.
  • Limited API key management capabilities compared to Admins.

Managing API Key Permissions

  • Generate New API Keys: Create multiple API keys.
  • Deactivate API Keys: Disable keys.
  • Set Permissions: Define permissions for each API key.

Things to Remember

  • Granular Control of API Permissions: Assign specific scopes and permissions to API keys to enforce Zero Trust and Least Privilege principles, minimizing security risks and preventing unauthorized access.
  • Implement Role-Based Access Control (RBAC): Use RBAC to ensure that users are assigned appropriate roles, such as Admin or User, based on their responsibilities, maintaining proper access levels across the organization.
  • Adhere to Best Practices: Regularly review and rotate API keys, segregate keys for different functionalities, and use meaningful naming conventions to maintain a robust security posture and efficient access management.
  • Effectively Manage Access Levels and Authentication Methods: Choose appropriate access levels like No Access, Read Access, or Full Access for each API key, and leverage additional authentication methods to enhance security and control over API interactions.