We are excited to announce the rollout of Aura App API keys, designed to enhance security and streamline authentication for your Aura applications.

This feature enables developers to create and manage dedicated API keys for programmatically accessing specific Aura App instances, providing greater control and flexibility for your interactive applications.
Why we built Aura App API keys
As Aura evolves into a comprehensive platform for interactive applications like Cloud Functions, DashApps and InferenceAPIs, we recognized the need for a more granular and secure authentication mechanism. Unlike our existing Management API keys that operate at the control plane level, Aura App API keys are specifically designed to:
- Provide focused access to individual app instances
- Maintain clear separation between management operations and app-specific interactions
- Enable precise identity tracking for every API call
- Offer organization administrators better visibility into access management
Key security considerations
We've carefully designed this feature to address common security challenges faced by organizations:
- Automatic tracking of API key ownership
- Notifications to org admins when a key owner leaves the org, has their access revoked, etc.
- Immediate key invalidation capabilities to quickly respond to security concerns
- Customizable expiration settings to enforce security best practices
Technical foundation
Aura App API keys are built on a robust technical foundation:
- Implemented as long-lived JWTs (JSON Web Tokens)
- User and service scoping to support role-based access control
- Optimized for high-traffic environments with minimal latency
- Immediate propagation of revocation information
How to create and manage Aura App API keys
Creating and managing API keys for your Aura Apps is straightforward:
1. Navigate to the details page of any Aura App that requires an auth-protected endpoint. This walkthrough uses a Cloud Function as the example.
2. Click on "API Keys" to open the management panel.
3. Click "Create New Key" to launch the creation wizard. Set a descriptive name and appropriate expiration for your key.
4. Copy the generated key for use in your applications.
5. Optionally, add the key to Helios Secrets for centralized secret management.
Management capabilities
The API keys panel provides comprehensive management features:
- At-a-glance view of all keys associated with the app
- Filtering options to quickly locate specific keys
- Detailed information about each key including creation date and expiration
- Revocation capabilities for immediate key invalidation
- Usage statistics to monitor key activity (coming soon)
What's next
This initial release of Aura App API keys focuses on essential functionality for secure app access. In the coming months, we'll be expanding capabilities with:
- Enhanced RBAC features for more granular permission control
- Advanced usage analytics and monitoring
- Integration with CI/CD workflows
- Custom policies for key rotation and management
We're excited to see how you'll leverage Aura App API keys to build more secure and scalable applications on the SingleStore platform. This feature is now available to all SingleStore Aura users.
Try it today and share your feedback with our team to help shape future enhancements!