DF Studio user accounts with the “Asset API Access” setting enabled can authenticate to the DF Studio Enterprise Asset API and, once authenticated, are not constrained by permissions settings or other restrictions for operations conducted through the API. It is strongly recommended that all uses of DF Studio user accounts to access the API should migrate to the use of API Credentials as soon as possible.
For any cases in which it is necessary to continue authenticating to the API through a user account, the following steps are recommended to protect against incidental or malicious misuse.
1. Create a very secure password for the API user. A minimum of 16 characters is recommended, but a stronger password would be ideal. (Consider a password generator for assistance creating a unique password.) For further password security guidelines, see Login and Password Security.
2. Encrypt this password anywhere it is stored within the external application’s code base and do not store it in plaintext under any circumstances.
3. Configure the Base Permissions for the API user to “No Access” within the DF Studio application, to prevent any unintended access by anyone using the API user’s credentials to log in to the web application.
Base Permissions can be overridden by assigned permissions at any level of the DF Studio Library (for instance, on a specific Project, Collection, or a folder and its contents). Take care when configuring the “Everyone Else” assigned permission, as any permissions assigned at that level will also be granted to users with “No Access” as a base permission.