Alternative Keys: Fine-grained, REST API Access to Your Machine Learning Resources
Accessing BigML via our REST API is easy, requiring only a username and an API Key. Every account registered with BigML automatically gets a master API Key which has full access to all capabilities within your account. That is, with the master key you can programmatically create, retrieve, update or delete sources, datasets, models, ensembles, predictions, and evaluations, all via the command line, any of the API bindings that we or our fans have been developing, or your own private implementation.
We even make finding and using the API Key easy. BigML’s web interface provides an icon for each resource that lets you get its URL with the api key already encoded, allowing you to access the resource directly from within your application.
However, although the power of your master API Key makes working with BigML’s API easy, it also comes with potential risk. There is no way to share access to your resources in a limited way, and if you do share your master API Key, then you are granting access to every capability in your account. The only method to mitigate this risk previously was the ability to recreate your master key on demand:
In order to address this limitation, our latest release brings the ability to add Alternative API Keys to your account with finer grained controls. You can define what resources a key can access and what operations (i.e., create, list, retrieve, update or delete) are allowed with it. This is useful in scenarios where you want to grant different roles and privileges to different applications. For example, an application for the IT folks that collects data and creates sources in BigML, another that is accessed by data scientists to create and evaluate models, and a third that is used by the marketing folks to create predictions.
We have implemented some logic behind the scenes to ensure that the permissions you assign are sound. For example, if you want a key to be able to create models, it must also be able to read datasets and models; similarly, if you want your API key to be able to create evaluations it must be able to read datasets, models, and also evaluations.
If you give Alternative API Keys a try please let us know what you think, especially if there is anything we could improve to make it more useful. We appreciate your feedback and are available to help!