Access Control

API Reference: Management API Authentication | Flux API Authentication

FoxNose offers a robust role-based access control system to manage user permissions at various levels across the organization, project, and environment. This approach helps secure content while providing team members with the specific permissions needed to perform their roles effectively.

Authentication Methods

FoxNose uses two primary authentication methods that work differently across the Management API and Flux API:

JWT Authentication

  • Available only for Management API
  • User-based authentication for email-verified accounts
  • Suited for user interactions, especially in administrative tasks within the Management API
  • Supports access tokens and refresh tokens for user-specific, session-based interactions
  • Can hold any role within an organization, project, or environment, enabling high-level and environment-specific control
  • Not supported in Flux API - Flux API uses only API Key authentication

API Key Authentication

  • Available for both Management API and Flux API
  • Service-based authentication ideal for automated interactions
  • Important: Each API uses its own separate API keys:
    • Management API keys only work with Management API endpoints
    • Flux API keys only work with Flux API endpoints
    • Keys are not interchangeable between APIs
  • Key Creation: All API keys (both Management and Flux) are created through the FoxNose web interface
  • Security: Secret keys are shown only once during creation and cannot be retrieved later
  • Management API keys can only be assigned the Granular Role, so a key's access is limited to the entities and actions configured for that role within a single environment

Management API Access Control

The following roles and permissions apply specifically to Management API access, including users working through the web interface and API keys accessing Management API endpoints.

Available Roles

Access control in FoxNose is organized by roles that assign specific permissions across the organization's hierarchy. These roles define access within organizational, project, and environment contexts for Management API operations.

| Role | API Access | Included Permissions |
|---|---|---|
| Organization Owner | Organization, all its projects and environments | Full access to organization management, all projects and environments |
| Organization Administrator | Specific organization and all its projects/environments | Project management and project-level data access, without the ability to manage other organization administrators |
| Project Administrator | Full access to a specific project and its environments | Project settings, full environment management, including assigning roles to users in environments |
| Granular Role | Only a specific environment | Configurable access to entities and actions. Can be set to full access, but never includes environment deletion rights |

Granular Permissions

The Granular Role offers fine-tuned access to specific entities within an environment for Management API operations. It is available to both users and Management API keys, making it ideal for scenarios where restricted, focused access is needed.

Environment Management

| Permission | Description | Available Actions |
|---|---|---|
| Environment Settings | View and modify environment configurations, including enabling or disabling environments. Does not permit environment deletion. | Read, Update |

Content Management

| Permission | Description | Available Actions |
|---|---|---|
| Collection Schemas | Create and manage schemas for collection folders | Create, Read, Update, Delete |
| Components | Manage reusable data schemas (components) | Create, Read, Update, Delete |
| Folder Contents | View the list of resources and subfolders within folders without accessing their contents. Enables precise control through object-level permissions for folders | Read |
| Folder Structure | View and manage the hierarchy of folders | Create, Read, Update, Delete |
| Resources | Create, view, and manage resources within folders, including opening and editing their contents | Create, Read, Update, Delete |

Access Control Management

| Permission | Description | Available Actions |
|---|---|---|
| Management API Roles | Create, view, and manage roles for accessing the system via the web application or Management API keys | Create, Read, Update, Delete |
| Management API Keys | Create, view, and manage API keys for accessing the Management API | Create, Read, Update, Delete |
| User Role Assignments | Assign and manage roles for users interacting with the environment through the web application | Create, Read, Update, Delete |

Flux API Management

| Permission | Description | Available Actions |
|---|---|---|
| Flux APIs | Create and manage Flux APIs | Create, Read, Update, Delete |
| Flux API Roles | Manage access to the Flux API through associated API keys and role assignments | Create, Read, Update, Delete |
| Flux API Keys | Create, view, and manage API keys for accessing the Flux API | Create, Read, Update, Delete |

Flux API Access Control

Flux API uses a separate access control system focused on content delivery:

  • Authentication: Only API Key authentication (no JWT support)
  • Permission System: Controlled through folder-level allowed_methods settings on each folder connection, configured via the Management API
  • API Keys: Created through the web interface, separate from Management API keys
  • Access Control: Determined by folder connections and their allowed_methods permissions (get_one, get_many)
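The following Python model makes the rules from the Granular Permissions tables and the Flux API bullets above executable, so they can be checked side by side: a Management API key carries a Granular Role (entity/action grants bound to one environment, with environment deletion never grantable), a Flux API key carries folder connections with their allowed_methods, and neither kind of key is accepted by the other API. This is an added example, not FoxNose's own code or API; the `Principal` class, the function names, the `"prod"` environment and the `blog/...` folder names are assumptions chosen to illustrate the documented behaviour.

```python
"""Executable model of the access-control rules described on this page.

Added example: not FoxNose's own code. Class/function names, environment
and folder identifiers, and the sample principals are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum


class Api(Enum):
    MANAGEMENT = "management"
    FLUX = "flux"


ALL_ACTIONS = frozenset({"create", "read", "update", "delete"})

# Entities a Granular Role can scope and the actions defined for each,
# taken from the Granular Permissions tables. There is no "delete" on
# environment_settings, so environment deletion can never be granted.
GRANULAR_ENTITIES = {
    "environment_settings": frozenset({"read", "update"}),
    "collection_schemas": ALL_ACTIONS,
    "components": ALL_ACTIONS,
    "folder_contents": frozenset({"read"}),
    "folder_structure": ALL_ACTIONS,
    "resources": ALL_ACTIONS,
    "management_api_roles": ALL_ACTIONS,
    "management_api_keys": ALL_ACTIONS,
    "user_role_assignments": ALL_ACTIONS,
    "flux_apis": ALL_ACTIONS,
    "flux_api_roles": ALL_ACTIONS,
    "flux_api_keys": ALL_ACTIONS,
}

# Methods a folder connection can expose on the Flux API.
FLUX_METHODS = frozenset({"get_one", "get_many"})


@dataclass
class Principal:
    """A credential holder (hypothetical structure, not a FoxNose type)."""
    api: Api                 # which API the key belongs to; keys are not interchangeable
    environment: str         # environment the key is scoped to
    granted: dict = field(default_factory=dict)      # Management: entity -> actions
    connections: dict = field(default_factory=dict)  # Flux: folder -> allowed_methods


def full_granular_access(environment: str) -> Principal:
    """A Granular Role with every configurable action. Even this "full
    access" role cannot delete the environment: no such action exists."""
    return Principal(Api.MANAGEMENT, environment,
                     granted={e: set(a) for e, a in GRANULAR_ENTITIES.items()})


def management_allowed(p: Principal, environment: str, entity: str, action: str) -> bool:
    """Decide a Management API request under the Granular Role rules."""
    if p.api is not Api.MANAGEMENT:
        return False        # Flux keys are rejected by Management endpoints
    if p.environment != environment:
        return False        # a Granular Role is bound to one environment
    if action not in GRANULAR_ENTITIES.get(entity, frozenset()):
        return False        # unknown entity, or action not defined for it
    return action in p.granted.get(entity, set())


def flux_allowed(p: Principal, folder: str, method: str) -> bool:
    """Decide a Flux API request from the folder connection's allowed_methods.
    A folder with no connection is unreachable (default deny)."""
    if p.api is not Api.FLUX:
        return False        # Management keys are rejected by Flux endpoints
    if method not in FLUX_METHODS:
        return False
    return method in p.connections.get(folder, set())


if __name__ == "__main__":
    # Constructed sample principals for a hypothetical "prod" environment.
    admin_key = full_granular_access("prod")
    editor_key = Principal(Api.MANAGEMENT, "prod",
                           granted={"resources": {"read", "update"}, "folder_contents": {"read"}})
    site_key = Principal(Api.FLUX, "prod",
                         connections={"blog/posts": {"get_one", "get_many"}, "blog/drafts": {"get_one"}})
    checks = [
        ("full role deletes a resource", management_allowed(admin_key, "prod", "resources", "delete"), True),
        ("full role cannot delete the environment", management_allowed(admin_key, "prod", "environment_settings", "delete"), False),
        ("role is bound to its environment", management_allowed(admin_key, "staging", "resources", "read"), False),
        ("editor lacks create on resources", management_allowed(editor_key, "prod", "resources", "create"), False),
        ("Flux key rejected by Management API", management_allowed(site_key, "prod", "resources", "read"), False),
        ("get_many allowed on posts", flux_allowed(site_key, "blog/posts", "get_many"), True),
        ("get_many absent from drafts allowed_methods", flux_allowed(site_key, "blog/drafts", "get_many"), False),
        ("unconnected folder is unreachable", flux_allowed(site_key, "blog/private", "get_one"), False),
        ("Management key rejected by Flux API", flux_allowed(admin_key, "blog/posts", "get_one"), False),
    ]
    for label, got, want in checks:
        print(f"{'ok ' if got == want else 'BAD'} {label}: {got}")
```

The two decision functions are deliberately separate: the Management API side is a role over entities and actions, while the Flux API side is a per-folder list of read methods, and the first check in each rejects a key from the other API before any permission is consulted.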

For detailed information about Flux API authentication and permissions, see Flux API Authentication.
