Mezmo is undertaking an important security initiative aimed at strengthening our overall security posture and safeguarding your data. In our continuous effort to provide a more secure environment, we will be deprecating our legacy service keys in favor of new Identity and Access Management (IAM) access tokens.
This transition represents a significant step forward in enhancing the security of your interactions with our services. IAM access tokens offer several key advantages over legacy service keys, including:
Enhanced Security: IAM access tokens provide more granular control over permissions and integrate with advanced security features, reducing the risk of unauthorized access.
Improved Flexibility: The new token system allows for more flexible and dynamic management of access rights, enabling you to manage your integrations with greater precision.
Future-Proofing: This change aligns with industry best practices for secure access management, ensuring that our security infrastructure remains robust and adaptable to evolving threats.
In an effort to position ourselves more inline with current practices, IAM access tokens are clearly identifiable via a three letter prefix representing each token starting with a standard signifier - st.
sta - Standard access token associated with a specific user and account
sts - Standard access token associated with a service account (non-human users)
ste - Enterprise access tokens associated with an enterprise entity overseeing many accounts
The primary alteration involves the authentication method for our public APIs through the api.mezmo.com domain. Authentication will now be managed through the standard Authorization header, using the Token scheme.
Example:
curl -H ‘Authorization: Token sts_f9093c388a92eaf519aeac9c25902fad3d708824’ https://api.mezmo.com/<path>
We understand that any change to your existing configurations requires careful planning. We are committed to making this transition as smooth as possible for you. Over the coming weeks and months, we will be providing detailed documentation, migration guides, and dedicated support to assist you in updating your systems to utilize the new IAM access tokens.
Please be assured that we will provide ample notice and resources before any legacy service keys are fully deprecated. Our goal is to ensure that all customers have sufficient time to migrate their integrations without disruption.
We will communicate further updates regarding the timeline and specific steps for this transition in the near future. In the meantime, if you have any immediate questions or concerns, please do not hesitate to contact our support team.
Thank you for your understanding and cooperation as we work to enhance the security of our services.