Slash API Keys Admin vs. Client

amaster507 · September 9, 2020, 6:31pm

I kept on getting a forbidden response when trying to access Slash DQL query endpoint with a previous created API key.

Come to find out our API keys were all erased somehow along the way. Don’t know if we did this somehow or if it happened in an update?

Anyways, went to generate a new API key for Slash and I have to pick between either “Admin” or “Client”.

Looked at the documentation and found no reference to what key does what.

Authentication - Slash graphql

All the APIs documented here require an API token for access. A new API token can be generated from Slash GraphQL by selecting the “Settings” button from the sidebar, then clicking the Add API Key button. Keep your API key safe, it will not be accessible once you leave the page.

All admin API requests must be authenticated by passing the API token as the ‘X-Auth-Token’ header to every HTTP request. You can verify that your API token works by using the following HTTP example.
curl 'https://<your-backend>/admin' \
  -H 'X-Auth-Token: <your-token>' \
  -H 'Content-Type: application/json' \
  --data-binary '{"query":"{ getGQLSchema { schema } }"}'

https://dgraph.io/docs/slash-graphql/admin/authentication/

Can anyone shed light on what are the difference between the Admin and Client created API keys.

I was thinking maybe the difference was ability to update the DQL schema from the alter endpoint, but I am running in GraphQL mode so that is not even available.

Neeraj · September 10, 2020, 4:35am

Hey @amaster507, all the previously created api-keys are considered as the admin api-keys. Need to check why you were not able to access the DQL query endpoint and how your API keys got erased.

A client api-key is for operations like query, mutate or commit and an admin api-key is for admin operations like drop-data, destroy-backend, update-schema and client operations as well.

gja · September 10, 2020, 4:37am

@Neeraj I thought you could use admin keys for DQL as well?

Neeraj · September 10, 2020, 4:42am

Yes, we can use the admin key for DQL operations as well.

Neeraj · September 10, 2020, 3:13pm

Reference to the usage of API Key and type of roles it has.

Topic		Replies	Views
Queries with ADMIN Key should ignore @auth rules Dgraph Cloud / Slash GraphQL auth , dgraph , kind:enhancement	1	693	March 16, 2022
Slash DGraph Lambdas Feature Requests / Small Change Dgraph Cloud / Slash GraphQL slash-graphql , dgraph , kind:feature	5	1272	March 22, 2021
Can I perform queries / mutations to /admin endpoint ignoring the auth rule? Dgraph Cloud kind:question	6	433	July 27, 2021
Slash Lambda Field addGraphQLResolvers not passing JWT Dgraph Cloud / Slash GraphQL	11	939	March 9, 2021
Nothing changes when making mutations on Slash GraphQL with PyDgraph GraphQL kind:question , dgraph , dql	5	499	January 13, 2021

Slash API Keys Admin vs. Client

Related Topics