I would like to be able to add multiple connectors of the type “Gainsight API”. This way each connection (integration) has its own Access Key.

Currently, if I try to add more than one, I receive this error message:

You have reached the maximum number(1) of connections allowed for this connector.


Business Use-Cases:

  • When discontinuing a relationship with a vendor, I can revoke their specific Access Key without affecting any other users that have API access.
  • For security reasons, if there is a breach at a specific vendor we can quickly and securely reset or revoke their access key without interrupting other business workflows.
  • It will allow us to associate individual API calls with their source by naming the connector separately.

Reviving this idea from a 2-year slumber.


Only allowing one API key to be created at any given time is crazy (no ability to set permissions on the key, keys being visible as plain text in the edit connections box are other concerns that should be addressed).


Consider the following downsides:


  • Security Risks - if the single API key is used across multiple sources and that key is compromised, then all services relying on it are exposed to potential misuse. Additionally, it’s an increased attack surface because you can’t isolate just one key.
  • Permissions - with one key you can’t work by the security principle of ‘minimum permissions to get the job done’; would you give someone the keys to your whole house if they only needed into the shed?
  • Operational Upkeep - rotating a single key is cumbersome since the one key needs to be updated across all systems simultaneously; if it can’t be, this leads to downtime.


tl;dr - Gainsight needs to overhaul this aspect of their application and provide the ability not just to create multiple keys, but also provide permission sets too.
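As an added illustration of what the first post asks for and this post argues for (one key per connector, a permission set per key, revocation and rotation that leave other integrations untouched, and calls attributed to their connector), here is a small key-registry model. It is example code written for this thread, not Gainsight’s implementation; connector names and scope strings are constructed for the demonstration.

```python
import hashlib
import secrets
from dataclasses import dataclass

def _fingerprint(secret: str) -> str:
    """Store only a SHA-256 digest so the plaintext key is never kept at rest."""
    return hashlib.sha256(secret.encode()).hexdigest()

@dataclass
class ConnectorKey:
    connector: str      # name of the integration, e.g. "vendor-a-sync" (constructed)
    scopes: frozenset   # permission set granted to this key only
    active: bool = True

class KeyRegistry:
    def __init__(self) -> None:
        self._keys: dict[str, ConnectorKey] = {}     # digest -> key record
        self.audit: list[tuple[str, str, str]] = []  # (connector, scope, result)

    def issue(self, connector: str, scopes) -> str:
        secret = secrets.token_urlsafe(32)
        self._keys[_fingerprint(secret)] = ConnectorKey(connector, frozenset(scopes))
        return secret  # shown once to the integration owner, never stored in clear

    def revoke(self, connector: str) -> int:
        """Disable every active key of one connector; other connectors are untouched."""
        hit = [k for k in self._keys.values() if k.connector == connector and k.active]
        for k in hit:
            k.active = False
        return len(hit)

    def rotate(self, connector: str) -> str:
        """Issue a replacement with the same scopes; the old key stays valid until revoke()."""
        current = [k for k in self._keys.values() if k.connector == connector and k.active]
        if not current:
            raise KeyError(f"no active key for connector {connector!r}")
        return self.issue(connector, current[0].scopes)

    def authorize(self, secret: str, scope: str) -> bool:
        """Validate a presented key and attribute the call to its connector in the audit log."""
        key = self._keys.get(_fingerprint(secret))
        if key is None:
            self.audit.append(("unknown", scope, "denied"))
            return False
        if not key.active:
            self.audit.append((key.connector, scope, "revoked"))
            return False
        allowed = scope in key.scopes
        self.audit.append((key.connector, scope, "allowed" if allowed else "denied"))
        return allowed
```

Because rotate() issues the new key before anything is revoked, the consuming system can switch over and the old key is retired afterwards, which is the overlap that avoids the downtime described in the third bullet.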


would you give someone the keys to your whole house if they only needed into the shed?

As a big fan of analogies for clarity, this one is next-level.


I’m glad to see my 2 year old idea getting some comments!



...

  • For security reasons, if there is a breach at a specific vendor we can quickly and securely reset or revoke their access key without interrupting other business workflows.

Reviving this idea from a 2-year slumber.

  • Security Risks - if the single API key is used across multiple sources and that key is compromised, then all services relying on it are exposed to potential misuse. Additionally, it’s an increased attack surface because you can’t isolate just one key.
  • Permissions - with one key you can’t work by the security principle of ‘minimum permissions to get the job done’; would you give someone the keys to your whole house if they only needed into the shed?
  • Operational Upkeep - rotating a single key is cumbersome since the one key needs to be updated across all systems simultaneously; if it can’t be, this leads to downtime.


tl;dr - Gainsight needs to overhaul this aspect of their application and provide the ability not just to create multiple keys, but also provide permission sets too.


So, so many concerns here -- the security ones are especially concerning for me! @kstim for awareness.


would you give someone the keys to your whole house if they only needed into the shed?

As a big fan of analogies for clarity, this one is next-level.

Love this. In building management / construction, we call this a master key system.