Details
- Type: Improvement
- Status: Done/Fixed
- Priority: Major
- Resolution: Fixed/Completed
- Affects Version/s: Unscheduled
- Fix Version/s: 4.6.12
- Component/s: CiviCRM API, Core CiviCRM
- Labels:
- Documentation Required?: None
- Funding Source: Core Team Funds
Description
Securely setting up an API key to integrate an external system demands significant effort, e.g.
- Set up HTTPS (generate a keypair, generate a CSR, get it signed, install it on the server)
- Create a site key
- Create a CMS user
- Create a role and assign permissions to the role
- Assign an API key
- Send the site key and API key to the external system
- (Note: For some scripts, like bin/cron.php, the process is very similar, but you use a username and password instead of an API key.)
In an ideal world:
- An admin who wants to make a link could simply say "Connect to system X", review the expected permissions, and approve. Similarly, revoking access should be as simple as clicking "Disconnect".
- Permissions would be more fine-grained. In addition to specifying "view all contacts" or "administer CiviCRM", allow filtering based on specific API entities/actions/params.
- Public services aimed at general usage could be certified/audited to ensure that they operate securely (and banned if they abuse their access).
- Communications would be strongly encrypted, even on diverse/funky hosting infrastructure.
Attachments
Issue Links
- links to (4 links to)
Issue | Status | Assignee
1. CiviConnect: Allow apps to define a "Settings" link | Done/Fixed | Tim Otten
2. CiviConnect: Publish and consume a certificate revocation list | Done/Fixed | Tim Otten
3. CiviConnect: Implement enable/disable buttons | Done/Fixed | Tim Otten
4. CiviConnect: Detect changes in app metadata and prompt for approval | Open | Tim Otten
5. CiviConnect: Allow unlisted services without disabling security | Open | Tim Otten
6. CiviConnect: Deploy | Done/Fixed | Tim Otten
7. CiviConnect: Publish anonymized site profiles | Done/Fixed | Coleman Watts