Skip to main content

Warrant Changelog — Feb 2024

· 3 min read
The Warrant Team
Authorization Infrastructure for Developers

Warrant Changelog - Feb 2024

Hey folks! We're back and ready to tell you about our second batch of updates for the year! In this changelog, we'll primarily focus on (1) a new way to authenticate with the Warrant API to perform admin operations and (2) a new set of API endpoints for managing environments programmatically.

Admin API Keys

First up, we've introduced a new type of API key. We call these new keys Admin Keys. Since there are now two types of API keys, the existing API keys you know and love are officially called Application Keys now. This is just a name change, and the keys themselves will continue to work just like they did before.

Admin keys on the other hand are quite different. They're not scoped to a specific environment like application keys. Instead, they can be used to manage organization-level resources (more on this in the next section).

The addition of admin keys unlocks a lot of potential improvements to how teams manage their authorization model and access rules across environments, so stay tuned on this front as we continue to add more uses for admin keys! 👀

Org admins can view, create, revoke, and roll admin keys from the Account > API Keys section of the Warrant Dashboard. For a more detailed rundown of API key authentication, check out our new docs page covering Authentication.

Environment Management API

The first major use case for admin keys is environment management! A lot of teams using Warrant have requested this for a while. Most of them run automated tests against Warrant (using our CLI or SDKs) as part of their CI workflow to validate their authorizaton model as it changes over time.

Currently, the problem with this approach is that the resources created in a test environment during a test run need to be cleaned up afterward if the environment is to be used again for future test runs. This turns out to be quite a pain for developers, especially in cases when a test run fails and leaves the environment dirty.

Today, we're introducing a set of new API endpoints for managing environment, so developers can setup programmatic workflows that:

  1. setup a new environment with their authorization model and some seed data
  2. run a suite of tests against the model (using our CLI or SDKs)
  3. schedule the environment for deletion upon completion of the test suite.

These new endpoints are only accessible using an admin key. Check out the API Reference for Environments to learn more about how to use them.

Share Your Feedback 👩‍💻

That's all for this update! If there's a feature or improvement you'd like to see us work on next, join our Slack Community and let us know! Happy building everyone! 🛠️