Setting Security
ZEPETO Render-it provides a Security Group to enable safe use of API Key and Token. Security Group is a function that prevents unauthorized use by limiting where and to whom an API key or Token can be used. You can add IPv4 CIDR or Referer of HTTP Header as a Security Group rule and edit it at any time. New or modified rules are automatically applied to all API Keys and Tokens associated with the Security Group.
If the API Key or Token is exposed, anyone can use ZEPETO Render-it, which causes unexpected charges. Therefore, we strongly recommend you to set Security Group on each API Key and Token.
How to create Security Group
- Go to Security Group section of your workspace.
- Click Create.
- Enter the information below and click Create.
- Name: It is generally used as a representative name for the security. It’s an essential value so can’t be emptied.
- Description: The optional value for brief description of the Security Group.
- Type: Type of Security Group's rule you want to allow. It cannot be changed after creation.
- Set as Default: When set, the corresponding Security Group is selected by default when creating an API Key or Token. Only one Security Group can be set per type.
- Rule: Define the rules to be allowed of the security group. Multiple values can be added.
- Description: Optional value that can indicate location or target information of the rule.
- CIDR / URL: The value of the security rule to allow. Value's format must match the Type.
Delete Security Group
If there are resources using the Security Group, it cannot be deleted. You must first change the Security Group of the bound resources. Therefore, we recommend to proceed after creating a Security Group to change.