Kinde · 15mo ago

Restricting access to Kinde API

https://kinde.com/docs/user-management/user-permissions/ describes how I can create custom permissions for managing what the users of my application are allowed to do. https://kinde.com/docs/build/add-a-m2m-application-for-api-access/ describes how I can enable M2M access to the Kinde API. Is there any way to restrict which Kinde API methods are allowed to be called? I'd like to be able to restrict the access to ensure that if the Client Secret ever got leaked, it couldn't be used to delete all of my Users. Related, does Kinde support any kind of Backup/Restore functionality to help recover from any kind of accidental / malicious data deletion?
3 Replies
onderay · 15mo ago
Thanks for the question @Martin, one of the team will be able to answer shortly. @Martin Currently, Kinde does not support the ability to restrict which API methods can be called for a specific client. Once a client is authenticated, it has the ability to call any of the API methods that are part of the Kinde Management API. This is not the best situation and the team is working on making this more secure. Will have an answer to your other question shortly.
Martin (OP) · 15mo ago
This isn't high priority for me but is more of a nice to have. Can you give me an idea of where this fits into your roadmap?
onderay · 15mo ago
@Martin it will probably be a Jan or Feb 2024 roll out