@Abid10892
Collaborator

What does this PR do?

This PR implements organization-wide API keys that grant access to all projects within an organization, including projects created after the API key is generated. Users can now create API keys with uniform permission levels (read/write/manage) that automatically apply to all current and future projects.

Key Features:

  • New "All Projects Access" toggle in the API key creation modal
  • Uniform permission level selection for organization-wide access
  • Automatic access to newly created projects without regenerating API keys
  • Backward compatibility with existing environment-specific API keys

Link to Devin run: https://app.devin.ai/sessions/d09fc93c64894880be0d2f67e0978dcf
Requested by: @Abid10892

How should this be tested?

⚠️ Critical: The database migration could not be tested locally due to missing DATABASE_URL environment variable. Please ensure the migration runs successfully in your environment.

Test Cases:

  1. Organization-wide API Key Creation:

    • Create an API key with "All Projects Access" enabled
    • Select different permission levels (read/write/manage)
    • Verify the key works for all existing projects
  2. Future Project Access:

    • Create a new project in the same organization
    • Verify the existing organization-wide API key can access the new project immediately
    • Test API calls to confirm permissions work correctly
  3. Backward Compatibility:

    • Verify existing environment-specific API keys continue working unchanged
    • Test mixed scenarios with both types of API keys in the same organization
  4. UI Functionality:

    • Toggle between "All Projects Access" and individual project selection
    • Verify form validation works correctly in both modes
    • Test permission level dropdown functionality

Checklist

Required

  • Filled out the "How to test" section in this PR
  • Read How we Code at Formbricks
  • Self-reviewed my own code
  • Commented on my code in hard-to-understand bits
  • Ran pnpm build (blocked by local environment setup)
  • Checked for warnings, there are none
  • Removed all console.logs
  • Merged the latest changes from main onto my branch with git pull origin main
  • My changes don't cause any responsiveness issues (needs testing)
  • First PR at Formbricks? Please sign the CLA!

Appreciated

  • If a UI change was made: Added a screen recording or screenshots to this PR (will add after testing)
  • Updated the Formbricks Docs if changes were necessary

⚠️ Review Focus Areas

High Priority:

  1. Database Migration: Verify the new allProjects and allProjectsPermission fields are added correctly
  2. Dynamic Permission Logic: Review the complex permission generation in getApiKeyWithPermissions - this dynamically creates environment permissions for all organization projects
  3. Authentication Flow: Ensure changes to core API key authentication don't break existing functionality
  4. Type Safety: Verify all TypeScript type changes are consistent across modified files

Medium Priority:

  • UI state management between toggle and permission selection
  • Form validation logic for the new fields
  • Backward compatibility with existing API keys

- Add allProjects and allProjectsPermission fields to ApiKey model
- Update Zod schemas to support new fields
- Modify API key creation to handle all-projects mode
- Enhance authentication to dynamically generate permissions for all org projects
- Add UI toggle for 'All Projects Access' in AddApiKeyModal with permission level selection
- Ensure newly created projects are automatically accessible with existing API keys
- Maintain backward compatibility with environment-specific API keys

This allows API keys to grant access to all current and future projects in an organization with a uniform permission level (read/write/manage).

Co-Authored-By: syed.abid@earnestdata-analytics.in <syedabid22@gmail.com>
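
The dynamic permission logic flagged under Review Focus Areas above, as an added example that is not part of this PR or the Formbricks code base. The types, the function names, every field other than `allProjects` and `allProjectsPermission`, and the read < write < manage ordering are assumptions; access is resolved at request time from the environment's owning organization, which is what lets a later project be covered while a project in another organization is not.

```typescript
// Added illustration with hypothetical types; not the Formbricks schema or code.
type Permission = "read" | "write" | "manage";
// Assumed ordering: manage implies write, write implies read.
const RANK: Record<Permission, number> = { read: 1, write: 2, manage: 3 };

interface ApiKey {
  organizationId: string;
  allProjects: boolean;
  allProjectsPermission: Permission | null;
  environmentPermissions: Map<string, Permission>; // explicit per-environment grants
}

interface Environment {
  id: string;
  organizationId: string; // owning organization, resolved through the project
}

// Permission the key holds on env, or null when it has none.
function resolvePermission(key: ApiKey, env: Environment): Permission | null {
  // Tenant boundary first: an all-projects key must stay inside its own organization.
  if (env.organizationId !== key.organizationId) return null;
  // Organization-wide key: nothing is stored per project, so later projects are covered.
  // A flag without a level yields null, so the check fails closed.
  if (key.allProjects) return key.allProjectsPermission;
  // Environment-specific key: only what was granted explicitly.
  return key.environmentPermissions.get(env.id) ?? null;
}

function isAllowed(key: ApiKey, env: Environment, required: Permission): boolean {
  const granted = resolvePermission(key, env);
  return granted !== null && RANK[granted] >= RANK[required];
}

// Constructed sample data.
const orgWideKey: ApiKey = {
  organizationId: "org_a", allProjects: true,
  allProjectsPermission: "write", environmentPermissions: new Map<string, Permission>(),
};
const scopedKey: ApiKey = {
  organizationId: "org_a", allProjects: false, allProjectsPermission: null,
  environmentPermissions: new Map<string, Permission>([["env_old", "read"]]),
};
const oldEnv: Environment = { id: "env_old", organizationId: "org_a" };
const laterEnv: Environment = { id: "env_new", organizationId: "org_a" }; // created after both keys
const foreignEnv: Environment = { id: "env_x", organizationId: "org_b" };
```
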
@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
