We’ve just deployed an update to the Linode API’s authentication system that allows users to have multiple API keys and also two-factor authentication. You can manage your keys via My Profile, as well as add them via the user.getapikey() API call.
Keys can have an expiration date after which they’ll become invalid, and you can give keys memorable labels. You can also manually revoke keys at any time. Keys are only shown once immediately after they’re generated, and are not retrievable after that. If you lose a key, you’ll need to generate a new one.
Unlike previously, a call to user.getapikey() will now only create a new key. If you have two-factor authentication enabled and don’t provide the token parameter, the call will fail with the NEEDTOKEN error.
Since the Linode Mobile app relies on the user.getapikey() call, users with two-factor authentication enabled will need to wait for the app to be updated – we’re working on shipping that update as soon as possible.
Enjoy!
Comments (4)
But you still don’t set the Access-Control-Allow-Origin header. Ugh.
https://forum.linode.com/viewtopic.php?f=7&t=10525
Still no two-factor on LISH. 🙁
You can disable password authentication on lish (making it ssh-key only) on your My Profile.
this may be useful alot for protection purpose