Context
This ticket covers the implementation of a dual-purpose API Key system. The goal is to provide a seamless way for both users and organizations to authenticate with the platform outside of a standard browser-based user session.
Authentication Types
- Personal Access Tokens (PATs): These are keys generated by and tied to a specific User. When a request is made with a PAT, the system acts on behalf of that individual. It inherits the user's specific permissions and their current organization context. This is the primary method for users to run personal scripts or interface with the CLI.
- Organization-Wide API Keys: These are keys tied directly to an Organization (e.g., "Acme Corp"). They do not belong to a specific human. These keys allow the organization as an entity to carry out actions. This is essential for long-term integrations and infrastructure-level automation, ensuring that services don't break if a specific employee's account is deactivated.
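An added sketch (not code from this ticket or the platform) of how a presented key could be resolved to the acting principal for the two types above. The hashed key store, the `pat`/`org` record types, the per-key `scopes` on organization keys, and rejecting a PAT whose user is deactivated are assumptions for illustration; all names and sample keys are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def digest(raw_key: str) -> str:
    # Assumption: only a hash of each key is stored, never the raw secret.
    return hashlib.sha256(raw_key.encode()).hexdigest()


@dataclass
class User:
    id: str
    current_org: str
    permissions: frozenset
    active: bool = True


@dataclass(frozen=True)
class Principal:
    kind: str               # "user" for a PAT, "organization" for an org key
    subject: str            # user id or organization id
    org: str                # organization the request acts within
    permissions: frozenset


# Constructed sample data (hypothetical ids, keys and permission names).
USERS = {"u1": User("u1", "acme", frozenset({"projects:read"}))}
KEYS = {
    digest("pat_sample_1"): {"type": "pat", "owner": "u1"},
    digest("org_sample_1"): {"type": "org", "owner": "acme",
                             "scopes": frozenset({"deploy:write"})},
}


def resolve_principal(raw_key: str) -> Optional[Principal]:
    record = KEYS.get(digest(raw_key))
    if record is None:
        return None  # unknown key
    if record["type"] == "pat":
        # A PAT acts as its user: permissions and organization context are
        # read from the user at request time, not copied into the key.
        user = USERS.get(record["owner"])
        if user is None or not user.active:
            return None  # assumption: a deactivated user's PATs stop working
        return Principal("user", user.id, user.current_org, user.permissions)
    # An organization key has no human owner, so no user's state affects it.
    return Principal("organization", record["owner"], record["owner"],
                     record["scopes"])
```
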