System Service API Keys
When integrating with CiviCRM, you can create one per-user API key. However, if you're writing an integration, this requires some kind of kludge, e.g.
- Take your own user, assign an API key, and use that. But now the system has the full access of your user. Moreover, multiple integrations may have to use the same API key -- which can make it harder to rotate keys.
- Create a new user just for the integration, assign an API key, and use that. But now the database includes contact records that don't make sense to regularly staff looking through the database.
Solution: Implement an extension which:
- Adds a new CRUD screen for creating system API keys.
- Implement a RESTy end-point which accepts these API keys.
- Enforces limited permissions (i.e.
Civi\API\WhitelistRule
).
Estimate: 1-7 days (core-dev time-units)