Based in Amsterdam
Articles
Likes on articles
I'm a Senior Technical Analyst with the RIPE NCC, working on Whois and the RIPE database.
Email: eshryane@ripe.net
• 4 min read
API keys are a new way to authenticate updates in the RIPE Database. They are associated with a user’s RIPE NCC Access account, and are intended to help you script (automate) updates to the RIPE Database.
• 9 min read
The RIPE NCC was requested by the Database Working Group to perform an impact analysis for UTF-8 in the RIPE Database, including the technical and functional effects on the RIPE NCC itself. How would the RIPE Registry function with UTF-8? And what would be the impact on running the Registry?
• 5 min read
Unmaintained person objects in the RIPE Database were locked by the RIPE NCC so they could not be used to hijack resources. Now we plan to set the correct user maintainer on those person objects.
• 3 min read
A new feature that makes credentials in the RIPE Database consistent with the LIR Portal. This removes the need for manually updating the same information in two places. It also reduces the risk of having unathorised access to the wrong parties.
Showing 4 article(s)
“Only allowing keys to last a year is unreasonable. I suggest you should allow keys to have expiry of a few years (or even not expire at all), but require them to be locked-down to specific IPs. Also, PLEASE make sure you have robust email warnings for upcoming key expiration. This will likely break a lot of people's update scripts when they inevitably forget to refresh their API keys each year.”
Hello Charlie, thanks for your feedback. The 1 year expiry requirement was discussed last year: https://mailman.ripe.net/archives/list/db-wg@ripe.net/thread/CAT5DHOTRPU4YJJ22AT2BOPTYDSTCM5A/#2HRL43LB3L5FCSYBSA3R2BVFB54MILRN. The RIPE NCC Access service will send an email to the email address 2 weeks before an API key is due to expire. I suggest that users also make a calendar entry or similar reminder before a key expires. You can see when a key expires on the API keys page.
“Some legacy software still use password as HTTP query parameter will this still work? So if I generate and then use username & password can it be used as HTTP query parameters?”
Hi Tomaž any software that uses password authentication will need to be updated to use an alternative: https://docs.db.ripe.net/Authorisation/Authorisation-Model API keys are meant to be a "drop-in" alternative to passwords, by replacing the password query parameter with a HTTP Authorisation header, or use the HTTP client's username / password flags (e.g. for curl it's -u or --user).
“Fantastic to see this live Ed and thank you to you and the team for making it happen. Is there a full documentation page for the API by chance? Specifically, I'd like to know if the rest API supports updates via application types other than XML?”
Thanks Mick, that's a good idea. I'll update the appendix on API keys in the DB documentation : https://docs.db.ripe.net/Appendices/Appendix-K--API-Keys/
Hello David, unfortunately, the beta syncupdates page does not support the dry-run parameter. This is a bug that we should fix. in the meantime, please click "Switch to classic syncupdates" on the top right side of the page, in order to use the dry-run flag. Regards Ed Shryane RIPE NCC
Showing 4 comment(s)