About REST-calls for tenant-users
- Tenant-users and JSON Web Tokens (JWTs) for tenant-users can be generated and administered by the Airlock Gateway admin only.
- Every JWT is bound to a user exclusively.
- Each tenant-user can be granted access to a set of configuration scopes of the Airlock Gateway via REST-calls.
- The set of access rights is defined by the Airlock Gateway administrator in the JWT.
- Best practice:
  - Restrict REST-call functionality to the necessary minimum (least privilege principle).
  - Advise and support tenant-users in avoiding regular expressions that create disproportionately high load.

In extreme cases, users with extensive rights can create high load (e.g. via adverse regex settings) comparable to a DoS. High load affects all tenant-users of the related Airlock Gateway instance!
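One way an administrator can screen regexes submitted by tenant-users before accepting them, as an added example that is not part of the Airlock Gateway documentation or product: a small static linter that flags nested quantifiers such as `(a+)+`, the classic trigger of catastrophic backtracking. It is a coarse heuristic (it does not catch overlapping alternations like `(a|a)+`), so it complements rather than replaces a review of each submitted pattern.

```python
# Heuristic check for regexes submitted by tenant-users (constructed example):
# reports quantified groups that themselves contain a quantifier, e.g. (a+)+
# or (?:\w+\s?)*, which can backtrack exponentially on non-matching input.

QUANTIFIER_START = "*+?{"   # first character of *, +, ?, {m,n}


def find_nested_quantifiers(pattern: str) -> list:
    """Return (start, end) spans of quantified groups containing a quantifier."""
    findings = []
    stack = []                 # one [group_start, saw_quantifier] per open group
    in_class = False           # inside [...], where quantifier characters are literal
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":          # escape: skip the backslash and the escaped character
            i += 2
            continue
        if in_class:
            in_class = c != "]"
            i += 1
            continue
        if c == "[":
            in_class = True
        elif c == "(":
            stack.append([i, False])
            if i + 1 < n and pattern[i + 1] == "?":   # (?:, (?=, ... : not a quantifier
                i += 1
        elif c == ")" and stack:
            start, saw_quantifier = stack.pop()
            group_quantified = i + 1 < n and pattern[i + 1] in QUANTIFIER_START
            if group_quantified and saw_quantifier:
                findings.append((start, i + 2))
            if stack:          # the enclosing group now contains a quantified atom
                stack[-1][1] = stack[-1][1] or saw_quantifier or group_quantified
        elif c in QUANTIFIER_START and stack:
            stack[-1][1] = True
        i += 1
    return findings


def is_risky(pattern: str) -> bool:
    """True if the pattern should be sent back to the tenant-user for rework."""
    return bool(find_nested_quantifiers(pattern))


if __name__ == "__main__":
    for p in [r"^[a-z]+@[a-z]+\.[a-z]{2,6}$", r"(a+)+b", r"(?:\w+\s?)*$"]:
        print(f"{p!r:32} risky={is_risky(p)} spans={find_nested_quantifiers(p)}")
```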