andness
andness9mo ago

What is the best way to create a service user?

We have some nightly test code that will use Windmill as an API for various operations. We'd like to limit access to just the necessary API functions. For this we think we should use a group and grant the group access to the relevant folders. We're also planning to add a "service user". Since this requires a valid email address we'll either have to use a google groups address or something like developer+service@example.com. The other options seems to be to create webhook tokens for each function that the tests will call. This gives the tightest security, but it appears that the calls will authenticate as the admin user that created the tokens? Are there other options that we're missing?
2 Replies
rubenf
rubenf9mo ago
what about creating service users and use webhook specific tokens with those ?
andness
andness9mo ago
Good point, that gives both the tightest security and a better trail. Only annoying part of having a service user is that you have to have an email and log in as that user to do the various configurations.