minor updates: api keys, reorganization
1 parent febec75, commit 301a137
Showing 8 changed files with 72 additions and 53 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,24 +35,7 @@ Think about Turnkey API keys as an access-gating mechanism to Turnkey functional | |
|
||
### Are there limits on how many resources I can create, or activities I can execute? | ||
|
||
We have limits on the number of resources within a single organization to avoid performance slowdowns. You can scale your organizational resources beyond these limits via [sub-organizations](./getting-started/Sub-Organizations.md). You can create an unlimited number of sub-organizations within a single organization. | ||
|
||
Currently, the resource limits within a single organization are as follows: | ||
|
||
| Resource | Maximum number allowed | | ||
| :----------------------------- | :--------------------- | | ||
| Private keys | 1,000 | | ||
| Wallets | 100 | | ||
| Users | 100 | | ||
| Policies | 100 | | ||
| Invitations | 100 | | ||
| Tags | 100 | | ||
| Authenticators per user | 10 | | ||
| API keys per user (long-lived) | 10 | | ||
| API keys per user (expiring) | 10 | | ||
| Sub-Organizations | unlimited | | ||
|
||
If you are approaching any of these limits in your implementation and require support, reach out to the Turnkey team (<[email protected]>). | ||
See [resource limits](./getting-started/resource-limits). | ||
|
||
### Do you have any rate limits in place in your public API? | ||
|
||
|
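Review bot: The replacement line `See [resource limits](./getting-started/resource-limits).` links by URL slug, while the paragraph it replaces linked by file path (`./getting-started/Sub-Organizations.md`). Suggest referencing the new page by its `.md` file as well, matching the convention of the link being removed, so the FAQ entry does not depend on the slug staying fixed; this same commit already renames one slug.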
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
sidebar_position: 9 | ||
description: Organization resource limits | ||
slug: /getting-started/resource-limits | ||
--- | ||
|
||
# Resource Limits | ||
|
||
We have limits on the number of resources within a single organization to avoid performance slowdowns. You can scale your organizational resources beyond these limits via [sub-organizations](./Sub-Organizations.md). You can create an unlimited number of sub-organizations within a single organization. | ||
|
||
Currently, the resource limits within a single organization are as follows: | ||
|
||
| Resource | Maximum number allowed | | ||
| :----------------------------- | :--------------------- | | ||
| Private keys | 1,000 | | ||
| Wallets | 100 | | ||
| Users | 100 | | ||
| Policies | 100 | | ||
| Invitations | 100 | | ||
| Tags | 100 | | ||
| Authenticators per user | 10 | | ||
| API keys per user (long-lived) | 10 | | ||
| API keys per user (expiring) | 10 | | ||
| Sub-Organizations | unlimited | | ||
|
||
If you are approaching any of these limits in your implementation and require support, reach out to the Turnkey team (<[email protected]>). |
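Review bot: The table rows `API keys per user (long-lived)` and `API keys per user (expiring)` use terms this page never defines, and the credentials page added in this commit calls keys with an expiration date "session keys". Suggest using one term in both places or linking these rows to `/users/credentials`, and stating whether a key that has already expired still counts toward the limit of 10.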
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,40 +1,16 @@ | ||
--- | ||
sidebar_position: 1 | ||
description: Learn about Users on Turnkey | ||
slug: /managing-users/introduction | ||
slug: /users/introduction | ||
--- | ||
# Introduction to users | ||
# Introduction | ||
|
||
Turnkey Users are resources within an Organization. Their attributes are: | ||
|
||
- UUID: a globally unique ID (e.g. `fc6372d1-723d-4f7e-8554-dc3a212e4aec`), used as a unique identifier for a User in the context of Policies or User Tags, or Quorums. | ||
- Name and email | ||
- Access type: whether a user has access to Turnkey via our dashboard (`ACCESS_TYPE_WEB`), API (`ACCESS_TYPE_API`) or both (`ACCESS_TYPE_ALL`) | ||
- Authenticators: a list of authenticators (see below for information) | ||
- API key: a list of API keys (see below for information) | ||
- User tags: a list of User Tag UUIDs | ||
|
||
A **user belongs to one organization**, and one organization can have many (**up to 100**) users. If you need to create more users, consider using Sub-Organizations. | ||
|
||
## User Credentials | ||
|
||
Credentials represent ways for Users to authenticate to Turnkey. All Turnkey Credentials are held by you, the end-user. Turnkey only keeps **public keys**. At the moment, Turnkey supports 2 types of Credentials: | ||
|
||
- Authenticators | ||
- API Keys | ||
|
||
### Authenticators | ||
|
||
Turnkey uses [Webauthn](https://www.w3.org/TR/webauthn-2/) for authentication into its dashboard (no passwords!). Authenticators on Turnkey represent a Webauthn device registered on Turnkey. | ||
|
||
When logging into Turnkey, you'll be prompted for a signature with a registered device. This signature is then verified to grant dashboard access. To avoid repeated signatures, Turnkey's dashboard uses session cookies for read traffic. However, all write actions require an authenticator signature. | ||
|
||
### API Keys | ||
|
||
Turnkey API requests are authenticated with API key signature. When you generate an API key (either through our CLI or through our dashboard), you generate a P-256 key pair. Turnkey keeps the public key, and you hold the private key. | ||
|
||
SDK requests or requests made with our CLI use the private API key to sign requests. Turnkey's public API expects all requests (to get data or to submit activities) to be signed. | ||
|
||
## Access Type | ||
|
||
An API user can only authenticate with API keys, a web-only user can only authenticate with Authenticators, and a web+api user can authenticate with either. There's currently no restrictions on the number of authenticators or API keys attached to a user. |
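Review bot: The slug changes from `/managing-users/introduction` to `/users/introduction` and no redirect appears in the hunks shown here, so existing links to the old URL would stop resolving; suggest adding a redirect for the old path. The hunk header also shrinks this file from 40 lines to 16, so any attribute bullet that still reads "see below for information" should point to the credentials page instead. If the Access Type paragraph is kept anywhere, its statement that there are no restrictions on the number of authenticators or API keys per user needs reconciling with the limits table in this commit, which caps both at 10.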
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
{ | ||
"label": "Managing users", | ||
"label": "Users", | ||
"position": 3, | ||
"collapsed": false, | ||
"link": { | ||
"type": "generated-index", | ||
"description": "Managing organization users." | ||
"description": "Organization users." | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
sidebar_position: 2 | ||
description: Learn about user credentials and authentication on Turnkey | ||
slug: /users/credentials | ||
--- | ||
|
||
# Credentials | ||
|
||
Credentials represent ways for Users to authenticate to Turnkey. All Turnkey Credentials are held by you, the end-user. Turnkey only keeps **public keys**. At the moment, Turnkey supports 2 types of Credentials: | ||
|
||
- Authenticators | ||
- API Keys | ||
|
||
### Authenticators | ||
|
||
Turnkey uses [Webauthn](https://www.w3.org/TR/webauthn-2/) for authentication into its dashboard (no passwords!). Authenticators on Turnkey represent a Webauthn device registered on Turnkey. | ||
|
||
When logging into Turnkey, you'll be prompted for a signature with a registered device. This signature is then verified to grant dashboard access. To avoid repeated signatures, Turnkey's dashboard uses session cookies for read traffic. However, all write actions require an authenticator signature. | ||
|
||
### API Keys | ||
|
||
Turnkey API requests are authenticated with API key signatures. When you generate an API key (either through our CLI or through our dashboard), you generate a P-256 key pair. Turnkey keeps the public key, and you hold the private key. | ||
|
||
Requests made via SDK or CLI use the private API key to sign requests. Turnkey's public API expects all requests (e.g. to get data or to submit activities) to be signed. | ||
|
||
See our [API reference](./api#tag/API-Keys/operation/CreateApiKeys) for how to programmatically create API keys. | ||
|
||
#### Session keys | ||
|
||
Turnkey session keys are built atop API keys, with one key difference: they have an expiration date. This date can be specified using the `expirationSeconds` parameter within a `CREATE_API_KEYS` request. Session keys are an effective way for an application to authenticate requests on behalf of a user for a specific duration. |
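Review bot: The Session keys paragraph names `expirationSeconds` but does not say what happens to a key once it expires, whether the parameter has a default or maximum, or that expiring keys have their own per-user limit (10 in the resource-limits table added in this commit). For a credential meant to authenticate requests on a user's behalf, suggest stating these and linking to the limits page. Two smaller points: the headings jump from `# Credentials` to `### Authenticators`, so `##` would keep the outline consistent, and the `./api#tag/API-Keys/operation/CreateApiKeys` link is relative to `/users/credentials`, so confirm it resolves to the API reference.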