Multiple Gainsight API Connectors for Multiple Access Keys

Reviving this idea from a 2-year slumber.

Only allowing one API key to be created at any given time is crazy (no ability to set permissions on the key, keys being visible as plain text in the edit connections box are other concerns that should be addressed).

Consider the following downsides:

• Security Risks - if the single API key is used across multiple sources, if that key is compromised then all services relying on it are exposed to potential misuse. Additionally, it’s an increased attack surface because you can’t isolate just one key.
• Permissions - with one key you can’t work by the security principles of ‘minimum permissions to get the job done’; would you give someone the keys to your whole house if they only needed into the shed?
• Operational Upkeep - rotating a single key is cumbersome since the one key needs to be updated across all systems simultaneously, if it can’t then it leads to downtime.

tl;dr - Gainsight needs to overhaul this aspect of their application and provide the ability not just to create multiple keys, but also provide permission sets too.

would you give someone the keys to your whole house if they only needed into the shed?

As a big fan of analogies for clarity, this one is next-level.

I’m glad to see my 2 year old idea getting some comments!

So, so many concerns here -- the security ones are especially concerning for me! @kstim for awareness.

Love this. In building management / construction, we call this a master key system. 

+1 to this idea. With the recent security incident and following Gainsights recommendations to rotate keys, we’ve been actively reviewing and updating credentials across our connections. Relying on a single shared, full-access API key for multiple integrations is concerning. We would love to have support for multiple API keys with scoped permissions or at least multiple keys so we can rotate them easier as needed.

​@benwanlessmenlo with a nearly prophetic request from three years ago! 100% agree, that especially in light of...recent events, this is no longer just a “nice to have”. ​@revathimenon can we make sure someone in the security realm at Gainsight has 👀on this?

Going to help dogpile on this request. With the recent security incident, and the latest recommendation to rotate API keys, I think this is going to be a must-have for anyone that really uses the Gainsight API. Almost every other solution with API access out there allows you to generate multiple keys for different integrations. Can Gainsight work like this? Allow us to generate a key for a specific purpose. Never allow us to see that key again. But allow us to revoke keys as needed.

We integrate data from different sources, each supported by a different team. It would be helpful to be able to rotate the key for each integration separately in co-ordination with one team, rather than coordinating with all teams at once.