Account & API Key Management
The Acceso Dashboard is the control plane for your account. It exposes configuration without exposing internal infrastructure.
The dashboard is a management interface. It is not a data execution layer. Dashboard actions map to secured backend APIs.
Account model (what you manage)
The dashboard manages account-level settings. It also manages API keys as the access primitive.
Most controls are enforced server-side. UI state mirrors backend configuration.
API key lifecycle management
Users can create, rotate, and revoke API keys in the dashboard. Each key can be labeled and scoped. Use that to separate environments and blast radius.
Recommended patterns:
One key per environment (
dev,staging,prod).One key per service, not per engineer.
Use labels that match your deployment units.
Core operations:
Key generation with tier-based defaults.
Manual revocation and rotation.
Usage visibility per key.
Keys are never displayed again after creation. This reduces exposure risk.
Treat dashboard key creation as a privileged operation. Store the key in a secret manager immediately.
Key creation semantics
Key generation uses tier-based defaults. Those defaults come from backend configuration.
Common defaults include:
Enabled API domains.
Rate limits and quotas.
Feature flags for staged rollouts.
Rotation (staged, no downtime)
Rotation should be staged. Keep old and new keys active temporarily.
Revocation behavior
Revoked keys fail authentication at request entry. No domain work should run for revoked keys.
Operational expectations:
Immediate enforcement on new requests.
Structured auth errors.
Non-sensitive telemetry for correlation.
Plan & feature visibility
The dashboard reflects the active plan on the account. It shows what the backend will enforce.
You can see:
Enabled API domains.
Rate limits and quotas.
Access to premium infrastructure features.
Feature availability is derived from backend configuration. It is not hardcoded UI logic.
Last updated