starred/healthchecks
1
0
Fork 0
mirror of https://github.com/healthchecks/healthchecks.git synced 2026-04-25 23:15:49 +03:00
Code Issues 56 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1148] Use human-readable API key prefixes to distinguish read-only and read-write API keys #793

New issue
Closed
opened 2026-02-25 23:43:36 +03:00 by kerem · 5 comments
kerem commented 2026-02-25 23:43:36 +03:00
Owner
Copy link

Originally created by @hartwork on GitHub (Apr 19, 2025).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/1148

Hi!

It has come to my attention that there is a (good) warning "Be sure to use the read-only API keys!" in the readme of https://github.com/healthchecks/dashboard and that made me remember that the problem could be prevented by design and altogether by using slightly different syntax for these two kinds, e.g. the read-only ones always starting with R and the writable ones starting with W. That would allow the backend to detect and reject token mix-up safely and easily.

The idea is from article https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html where the consequences of mix-up were even more severe.

Thanks for your consideration!

CC @hannob

Originally created by @hartwork on GitHub (Apr 19, 2025). Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/1148 Hi! It has come to my attention that there is a (good) warning "Be sure to use the read-only API keys!" in the readme of https://github.com/healthchecks/dashboard and that made me remember that the problem could be prevented by design and altogether by using slightly different syntax for these two kinds, e.g. the read-only ones always starting with `R` and the writable ones starting with `W`. That would allow the backend to detect and reject token mix-up safely and easily. The idea is from article https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html where the consequences of mix-up were even more severe. Thanks for your consideration! CC @hannob
kerem 2026-02-25 23:43:36 +03:00
  • closed this issue
  • added the
    feature
         label
kerem commented 2026-02-25 23:43:37 +03:00
Author
Owner
Copy link

@cuu508 commented on GitHub (Apr 22, 2025):

Adding prefixes to distinguish read-only and read-write keys is a good idea. We could do that for new keys going forward. The prefixes would make it easier for humans to spot mistakes.

I don't see how prefixes would help backend reject "wrong" keys. The read-write keys allow read operations, they are not write-only keys. When the backend receives a read operation but with a read-write key, how would it decide whether to reject it?

<!-- gh-comment-id:2820741303 --> @cuu508 commented on GitHub (Apr 22, 2025): Adding prefixes to distinguish read-only and read-write keys is a good idea. We could do that for new keys going forward. The prefixes would make it easier for humans to spot mistakes. I don't see how prefixes would help backend reject "wrong" keys. The read-write keys allow read operations, they are not write-only keys. When the backend receives a read operation but with a read-write key, how would it decide whether to reject it?
kerem commented 2026-02-25 23:43:37 +03:00
Author
Owner
Copy link

@hartwork commented on GitHub (Apr 22, 2025):

Adding prefixes to distinguish read-only and read-write keys is a good idea. We could do that for new keys going forward. The prefixes would make it easier for humans to spot mistakes.

@cuu508 cool!

I don't see how prefixes would help backend reject "wrong" keys. The read-write keys allow read operations, they are not write-only keys. When the backend receives a read operation but with a read-write key, how would it decide whether to reject it?

It may need an API endpoint (or mode) dedicated to read-only access and read-only keys that would reject read-write keys.

<!-- gh-comment-id:2821270411 --> @hartwork commented on GitHub (Apr 22, 2025): > Adding prefixes to distinguish read-only and read-write keys is a good idea. We could do that for new keys going forward. The prefixes would make it easier for humans to spot mistakes. @cuu508 cool! > I don't see how prefixes would help backend reject "wrong" keys. The read-write keys allow read operations, they are not write-only keys. When the backend receives a read operation but with a read-write key, how would it decide whether to reject it? It may need an API endpoint (or mode) dedicated to read-only access and read-only keys that would reject read-write keys.
kerem commented 2026-02-25 23:43:37 +03:00
Author
Owner
Copy link

@cuu508 commented on GitHub (Jun 2, 2025):

Implemented in #1167

<!-- gh-comment-id:2930545254 --> @cuu508 commented on GitHub (Jun 2, 2025): Implemented in #1167
kerem commented 2026-02-25 23:43:37 +03:00
Author
Owner
Copy link

@hartwork commented on GitHub (Jun 2, 2025):

Implemented in #1167

@cuu508 thank you! To be sure I understood the changes right: endpoint GET /api/v3/checks/ would not reject accidental use of read-write API keys or at least not yet, correct?

<!-- gh-comment-id:2931523964 --> @hartwork commented on GitHub (Jun 2, 2025): > Implemented in [#1167](https://github.com/healthchecks/healthchecks/pull/1167) @cuu508 thank you! To be sure I understood the changes right: endpoint `GET /api/v3/checks/` would not reject accidental use of read-write API keys or at least not yet, correct?
kerem commented 2026-02-25 23:43:37 +03:00
Author
Owner
Copy link

@cuu508 commented on GitHub (Jun 2, 2025):

Correct, GET /api/v3/checks/ accepts both read-write and read-only keys.

<!-- gh-comment-id:2931582164 --> @cuu508 commented on GitHub (Jun 2, 2025): Correct, `GET /api/v3/checks/` accepts both read-write and read-only keys.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
py2
v4.1.1
v4.1
v4.0
v3.13
v3.12
v3.11.2
v3.11.1
v3.11
v3.10
v3.9
v3.8.2
v3.8.1
v3.8
v3.7
v3.6
v3.5.2
v3.5.1
v3.5
v3.4
v3.3
v3.2
v3.1
v3.0.1
v3.0
v2.10
v2.9.2
v2.9.1
v2.9
v2.8.1
v2.8
v2.7
v2.6.1
v2.6
v2.5
v2.4.1
v2.4
v2.3
v2.2.1
v2.2
v2.1
v2.0.1
v2.0
v1.25.0
v1.24.1
v1.24.0
v1.23.1
v1.23.0
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.0
v1.17.0
v1.16.0
v1.15.0
v1.14.0
v1.13.0
v1.12.0
v1.11.0
v1.10.0
v1.9.0
v1.8.0
v1.7.0
v1.6.0
v1.5.0
v1.4.0
v1.3.0
v1.2.0
v1.1.0
v1.0.4
v1.0.3
v1.0.2
1.0.2
v1.0.1
v1.0
Labels
Clear labels   
bug

   
bug

   
bug

   
feature

   
good-first-issue

   
new integration

   
pull-request

Mirrored from GitHub Pull Request

  
question
No labels
bug
bug
bug
feature
good-first-issue
new integration
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/healthchecks#793
No description provided.