Background: I work for an MSP in a sysadmin role so please forgive my limited dev skills. I'm looking at using the Unity API to integrate Webroot endpoint data into a LOB application. I have experience with making REST API calls via PowerShell to set custom properties and variables based on response data.
I can create an API key in our GSM, but I'm not seeing any options to restrict the key to specific sites, datasets, read-only, etc permissions. Ideally, I'd like to limit key permissions to only allow a specific user account to make 'GET SkyStatus' calls to endpoints in a single site. If possible, I'd also like to restrict API key usage to a specific IP address.
Can anyone provide further guidance on hardening GSM console security when using the Unity API?