Access Control
FoxNose provides a role-based access control system that manages user permissions at the organization, project, and environment levels. This keeps content secure while giving team members exactly the permissions they need to perform their roles.
Authentication Methods
FoxNose uses two primary authentication methods that work differently across the Management API and Flux API:
JWT Authentication
- Available only for Management API
- User-based authentication for email-verified accounts
- Suited for user interactions, especially in administrative tasks within the Management API
- Supports access tokens and refresh tokens for user-specific, session-based interactions
- Can hold any role within an organization, project, or environment, enabling high-level and environment-specific control
- Not supported by the Flux API, which uses only API Key authentication
API Key Authentication
- Available for both Management API and Flux API
- Service-based authentication ideal for automated interactions
- Important: Each API uses its own separate API keys:
  - Management API keys only work with Management API endpoints
  - Flux API keys only work with Flux API endpoints
  - Keys are not interchangeable between APIs
- Key Creation: All API keys (both Management and Flux) are created through the FoxNose web interface
- Security: Secret keys are shown only once during creation and cannot be retrieved later
- Management API keys can only hold the Granular Role, which limits their access to designated entities and actions
Management API Access Control
The following roles and permissions apply specifically to Management API access, including users working through the web interface and API keys accessing Management API endpoints.
Available Roles
Access control in FoxNose is organized by roles that assign specific permissions across the organization's hierarchy. These roles define access within organizational, project, and environment contexts for Management API operations.
Role | API Access | Included Permissions |
---|---|---|
Organization Owner | Organizations, projects, environments | Full access to organization management, all projects and environments |
Organization Administrator | Specific organization and all its projects/environments | Project management and project-level data access, without the ability to manage other organization administrators |
Project Administrator | Full access to specific project and its environments | Project settings, full environment management, including role assignment to users in environments |
Granular Role | Only a specific environment | Configurable access to entities and actions. Full access can be granted, but never environment deletion rights |
Granular Permissions
The Granular Role offers fine-tuned access to specific entities within an environment for Management API operations. It is available to both users and Management API keys, making it ideal for scenarios where restricted, focused access is needed.
Environment Management
Permission | Description | Available Actions |
---|---|---|
Environment Settings | View and modify environment configurations, including enabling or disabling environments. Does not permit environment deletion. | Read, Update |
Content Management
Permission | Description | Available Actions |
---|---|---|
Collection Schemas | Create and manage schemas for collection folders | Create, Read, Update, Delete |
Components | Manage reusable data schemas (components) | Create, Read, Update, Delete |
Folder Contents | View the list of resources and subfolders within folders without accessing their contents. Enables precise control through object-level permissions for folders | Read |
Folder Structure | View and manage the hierarchy of folders | Create, Read, Update, Delete |
Resources | Create, view, and manage resources within folders, including opening and editing their contents | Create, Read, Update, Delete |
Access Control Management
Permission | Description | Available Actions |
---|---|---|
Management API Roles | Create, view, and manage roles for accessing the system via web application or Management API keys | Create, Read, Update, Delete |
Management API Keys | Create, view, and manage API keys for accessing the Management API | Create, Read, Update, Delete |
User Role Assignments | Assign and manage roles for users interacting with the environment through the web application | Create, Read, Update, Delete |
Flux API Management
Permission | Description | Available Actions |
---|---|---|
Flux APIs | Create and manage Flux APIs | Create, Read, Update, Delete |
Flux API Roles | Manage access to the Flux API through associated API keys and role assignments | Create, Read, Update, Delete |
Flux API Keys | Create, view, and manage API keys for accessing the Flux API | Create, Read, Update, Delete |
Flux API Access Control
Flux API uses a separate access control system focused on content delivery:
- Authentication: Only API Key authentication (no JWT support)
- Permission System: Controlled through folder-level `allowed_methods` settings configured via the Management API
- API Keys: Created through the web interface, separate from Management API keys
- Access Control: Determined by folder connections and their `allowed_methods` permissions (`get_one`, `get_many`)
For detailed information about Flux API authentication and permissions, see Flux API Authentication.
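To make the two layers above concrete, here is an added illustration (not FoxNose's own code) of how a least-privilege evaluator would apply the Granular Role catalog from the Granular Permissions tables and the per-folder `allowed_methods` of the Flux API. The key dictionaries and function names are assumptions made for this example; the entity and action names are taken from the tables on this page.

```python
# Added illustration, not FoxNose code: a toy policy evaluator for the two
# access-control layers on this page. The entity/action catalog comes from the
# Granular Permissions tables; key structures and function names are assumed.

# Entity -> actions a Granular Role may be granted (from the page's tables).
GRANULAR_CATALOG = {
    "environment_settings": {"read", "update"},  # no delete, by design
    "collection_schemas": {"create", "read", "update", "delete"},
    "components": {"create", "read", "update", "delete"},
    "folder_contents": {"read"},
    "folder_structure": {"create", "read", "update", "delete"},
    "resources": {"create", "read", "update", "delete"},
    "management_api_roles": {"create", "read", "update", "delete"},
    "management_api_keys": {"create", "read", "update", "delete"},
    "user_role_assignments": {"create", "read", "update", "delete"},
    "flux_apis": {"create", "read", "update", "delete"},
    "flux_api_roles": {"create", "read", "update", "delete"},
    "flux_api_keys": {"create", "read", "update", "delete"},
}
# Flux API folder connections expose only these two methods.
FLUX_METHODS = {"get_one", "get_many"}


def full_access_grants():
    """The widest Granular Role: every catalog entity with every listed action."""
    return {entity: set(actions) for entity, actions in GRANULAR_CATALOG.items()}


def management_allowed(key, environment, entity, action):
    """Decide a Management API request for a key holding a Granular Role.
    key = {"api": "management", "environment": <id>, "grants": {entity: {actions}}}
    An action passes only if granted AND in the catalog, so even 'full access'
    never includes environment deletion; Flux keys and other environments fail.
    """
    if key.get("api") != "management":        # Flux keys never reach Management
        return False
    if key.get("environment") != environment:  # Granular Role is per-environment
        return False
    granted = key.get("grants", {}).get(entity, set())
    return action in granted and action in GRANULAR_CATALOG.get(entity, set())


def flux_allowed(key, folder, method):
    """Decide a Flux API request against the folder's allowed_methods.
    key = {"api": "flux", "folders": {folder: {allowed_methods}}}
    """
    if key.get("api") != "flux" or method not in FLUX_METHODS:
        return False
    return method in key.get("folders", {}).get(folder, set())
```

The catalog check is what keeps a "full access" Granular Role from ever granting environment deletion, and the `api` check models the non-interchangeable keys described above.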