Feature Requests Add a read-only API key with read access to all endpoints
Open
I’d like to have a read-only API key for server-side use that has read access to all endpoints.
Currently, there’s only two options:
- The read-only API key (advertised as “for js integrations”) can only access a limited set of data-providing API endpoints.
- The super-powered API key provides write access. That might impose an unnecessary security risk.
I maintain an MVC application that retrieves data from updown.io’s API for server-side rendering. The API key is only accessible to the server’s administrators. I’ve used the read-only API key for least privilege access, as the application will only ever use read access under all circumstances. Unfortunately, this locks it out from a few endpoints that would provide more detailed data.
dlang.at/updown
Created on May 03, 2026 · Last update on May 04, 2026
1 Comment
Hello,
Indeed there's a few read endpoints (or params) that I chose to limit access on the read-only API key in order to avoid leaking sensitive informations (phone numbers, email addresses, passwords, API keys, etc..). Of course I could create yet another API key type but that would increase complexity and confusion for users. So for such use-case I would recommend using the regular (write access) API key as it's not accessible publicly in your system.
I'll keep this open to see interest but I don't really want to increase the complexity of the product for everyone only to cover a few "nice to have" if I can avoid it. Which endpoint were you interested in using ?
Sign in to comment