Our API tokens can now be scoped by site or status page
Oh Dear has an extensive API that powers various powerful integrations.
To use the API, you first need to create an API Token in the Oh Dear UI. Previously, such a token could be used to make API calls to any site or status page in your Oh Dear account.
We noticed that some of our users are agencies that use Oh Dear to monitor their clients' sites. When such an agency passes an Oh Dear API Token to one of their clients, then that client could potentially use the broadly scoped token to view the results and settings of other clients of that agency.
In general, it's best practice to scope down the abilities of the token to the bare minimum it needs to do in the integration where it will be used.
Today, we're launching the ability to scope an API Token by site or status page. When creating a token, you can pick the sites and status pages it should have access to.
We hope that you like this nice addition.
If you're not using Oh Dear to monitor your site, now's the perfect time to get started. We monitor uptime, SSL certificates, broken links, scheduled tasks, application health, DNS, domain expiry and more. We send notifications when something's wrong. All that paired with a developer friendly API and kick-ass documentation.