DF Studio user accounts with the “Asset API Access” setting enabled can authenticate to the DF Studio Enterprise Asset API and, once authenticated, are not constrained by permissions settings or other restrictions for operations conducted through the API. To protect against incidental or malicious misuse of such accounts, the following steps are recommended for all API users.
1. Create a very secure password for the API user. A minimum of 16 characters is recommended, but a stronger password would be ideal. (Consider a password generator for assistance creating a unique password.) For further password security guidelines, see Login and Password Security.
2. Encrypt this password anywhere it is stored within the external application’s code base and do not store it in plaintext under any circumstances.
3. Configure the Base Permissions for the API user to “No Access” within the DF Studio application, to prevent any unintended access by anyone using the API user’s credentials to log in to the web application.
Base Permissions can be overridden by assigned permissions at any level of the DF Studio Library (for instance, on a specific Project, Collection, or a folder and its contents). Take care when configuring the “Everyone Else” assigned permission, as any permissions assigned at that level will also be granted to users with “No Access” as a base permission.