Limit access


Ali md Moussawi

Mar 23, 2023, 7:13:27 AM
to Kill Bill users mailing-list
How to limit access to Kill Bill APIs per customer account?

Pierre-Alexandre Meyer

Mar 23, 2023, 7:56:09 AM
to Ali md Moussawi, Kill Bill users mailing-list
Hi Ali,

We provide a RBAC framework to control API access, see https://docs.killbill.io/latest/user_management.html for details.

If you need more advanced functionality, this would need to be implemented outside of Kill Bill (e.g. use a tool like Apigee).

Hope this helps!

--
Pierre

Ali md Moussawi

Mar 23, 2023, 8:28:30 AM
to Kill Bill users mailing-list
This was your answer to a question asked before; I want to know more details about it:
"or 2), we do not offer a customer portal for your end users, but you can integrate yours (or your website) with Kill Bill using our APIs."

Ali md Moussawi

Mar 23, 2023, 9:37:08 AM
to Kill Bill users mailing-list
Would this approach be helpful for me: "Create user accounts for each customer that needs access to the Killbill APIs.
Implement an authentication mechanism that requires users to provide valid credentials, such as a username and password, to access the Killbill APIs.
Once a user is authenticated, check their account information to ensure that they have permission to access the specific Killbill APIs they are requesting. You can use role-based access control (RBAC) to restrict access to specific APIs based on the user's account type or other attributes.
Implement rate limiting and throttling to prevent excessive usage and potential abuse of the APIs.
Monitor the usage of the APIs and log any suspicious activity for further investigation."

Pierre-Alexandre Meyer

Mar 23, 2023, 10:56:55 AM
to Ali md Moussawi, Kill Bill users mailing-list
Hi Ali,

I'm not sure what your exact question is, but the message below was a suggestion for you to build your own customer portal (using a technology like Rails, ReactJS, etc.) and integrate with Kill Bill using our REST APIs (https://killbill.github.io/slate/).

Kind regards,

Ali md Moussawi

Mar 24, 2023, 5:07:26 PM
to Kill Bill users mailing-list
Hi Pierre,

Okay, here you are suggesting a customer portal and integrating it with the Kill Bill APIs, and that is what I want, but the customer portal is for customer accounts and the Kill Bill APIs require user account credentials. I want to have credentials of my customers.

regards,
Ali Moussawi

Pierre-Alexandre Meyer

Mar 25, 2023, 4:26:28 AM
to Ali md Moussawi, Kill Bill users mailing-list
Hi Ali,

This would need to be implemented outside of Kill Bill.



--
Pierre

Ali md Moussawi

Mar 25, 2023, 9:23:47 AM
to Kill Bill users mailing-list
Okay, let's make it clear: I have to build a layer above Kill Bill. I will have another authentication and authorization on that layer, and it will interact with Kill Bill using a certain user account.
For example, I will have to create a Spring Boot project and integrate with Kill Bill using the Java client library, using the credentials of a certain user account, and only one user account, and a relation between the customer account and the customer layer security phase.

Ali md Moussawi

Mar 25, 2023, 9:38:02 AM
to Kill Bill users mailing-list
Is it doable in Kill Bill to build a one-to-one relation between user account and customer account? I want to create a user role called customer which is related to a certain customer account, so when the user calls Kill Bill APIs they will use the user account (customer role) credentials and the APIs will automatically use the certain customer account ID and return the data of that customer account ID, and the customer cannot use another customer account ID.
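
The layer described in the last two messages, sketched as an added example (not part of the thread and not Kill Bill's own code): the portal authenticates the customer itself, looks up the one Kill Bill account bound to that login, and builds the account-scoped request from that binding, so a customer cannot reach another account by changing an ID. The class name, logins and account IDs are constructed for illustration; the login-to-account table is assumed to live in the portal's database, and the single Kill Bill user account's credentials stay on the portal server.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added example: portal-side guard that pins each customer login to one Kill Bill account. */
public class CustomerAccountGuard {
    // Sub-resources of /1.0/kb/accounts/{accountId} the portal exposes; anything else is denied.
    private static final Set<String> ALLOWED = Set.of("", "invoices", "payments", "bundles");

    // Portal login -> Kill Bill account id, stored in the portal's own database (assumption).
    private final Map<String, String> accountIdByLogin;

    public CustomerAccountGuard(Map<String, String> accountIdByLogin) {
        this.accountIdByLogin = Map.copyOf(accountIdByLogin);
    }

    // Immutable maps reject null keys, so treat a missing login as "no binding".
    private String boundAccount(String login) {
        return login == null ? null : accountIdByLogin.get(login);
    }

    /** Builds the Kill Bill path from the session's login; the account id never comes from the client. */
    public Optional<String> killBillPathFor(String login, String resource) {
        String accountId = boundAccount(login);
        if (accountId == null || resource == null || !ALLOWED.contains(resource)) {
            return Optional.empty();
        }
        String base = "/1.0/kb/accounts/" + accountId;
        return Optional.of(resource.isEmpty() ? base : base + "/" + resource);
    }

    /** For requests that do carry an account id: accept only the caller's own. */
    public boolean owns(String login, String requestedAccountId) {
        String accountId = boundAccount(login);
        return accountId != null && accountId.equalsIgnoreCase(requestedAccountId);
    }

    public static void main(String[] args) {
        // Constructed sample data: two customers, each bound to one account id.
        String alice = "11111111-1111-1111-1111-111111111111";
        String bob = "22222222-2222-2222-2222-222222222222";
        CustomerAccountGuard guard = new CustomerAccountGuard(Map.of("alice", alice, "bob", bob));

        System.out.println(guard.killBillPathFor("alice", "invoices"));   // alice's own invoices
        System.out.println(guard.killBillPathFor("alice", "../tenants")); // not on the allow-list
        System.out.println(guard.killBillPathFor("mallory", "invoices")); // no bound account
        System.out.println(guard.owns("alice", bob));                     // another customer's id
    }
}
```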