Document user management and API keys

jbrooksuk · jbrooksuk · commit 8940db29ec68 · 2025-01-18T11:57:38.000Z
diff --git a/mint.json b/mint.json
@@ -76,6 +76,7 @@
         "v3.x/guide/metrics",
         "v3.x/guide/subscribers",
         "v3.x/guide/webhooks",
+        "v3.x/guide/users",
         "v3.x/guide/dashboard"
       ]
     }, {
@@ -85,7 +86,8 @@
         "v3.x/configuration/cachet",
         "v3.x/configuration/customization",
         "v3.x/configuration/theme",
-        "v3.x/configuration/beacon"
+        "v3.x/configuration/beacon",
+        "v3.x/configuration/api-keys"
       ]
     }, {
       "group": "Integrations",
diff --git a/v3.x/configuration/api-keys.mdx b/v3.x/configuration/api-keys.mdx
@@ -0,0 +1,43 @@
+---
+title: 'API Keys'
+description: 'Learn how to create and manage API keys in Cachet.'
+icon: 'key'
+---
+
+API keys are used to authenticate requests to the [Cachet API](/api-reference). You can create multiple API keys with different
+permissions to control access to the API. This is particularly useful if you want to give third-party services
+access to your Cachet data without granting them full access to your status page.
+
+## Creating an API Key
+
+To create an API key, follow these steps:
+<Steps>
+    <Step title="Step 1">
+        Go to the "Manage API Keys" page in the Cachet dashboard. This is located under the "Settings" navigation group.
+    </Step>
+    <Step title="Step 2">
+        Click the "New API Key" button. You will need to provide a name for the API key. This can be any name that helps
+        you identify the key.
+
+        You may select an expiration date for the token. This provides an extra layer of security as tokens will no longer
+        work after the expiration date. You may choose to leave this blank to create a token that never expires.
+
+        Finally, select the permissions for the API key. You may leave the permissions empty to select give full permissions.
+    </Step>
+    <Step title="Step 3">
+        Cachet will display the token in plain text. Make sure to copy the token and store it in a secure location.
+
+        <Warning>
+            Cachet will not display the token again. If you lose the token, you will need to create a new API key.
+        </Warning>
+    </Step>
+</Steps>
+
+## Revoking Tokens
+
+If you no longer need an API key, you can revoke it. To revoke an API key, click the "Revoke" button next to the key.
+
+<Warning>
+    Revoking an API key is irreversible. Once you revoke a key, it can no longer be used to authenticate requests to
+    the Cachet API.
+</Warning>
diff --git a/v3.x/guide/users.mdx b/v3.x/guide/users.mdx
@@ -0,0 +1,30 @@
+---
+title: 'Users'
+description: 'Learn how to manage users and access to your Cachet dashboard.'
+icon: 'user'
+---
+
+You may invite multiple users to your Cachet dashboard. This allows you to share the responsibility of managing
+incidents and components with your team.
+
+## User Levels
+
+Users may be configured with one of two levels of access:
+
+### Admin
+
+Admin users may add and manage additional users. They are able to change the user level of other users (excluding themselves).
+
+### User
+
+Users may view and manage components, incidents, subscribers etc, but they are not able to manage other users.
+
+## Limitations
+
+Cachet's user system is designed to be simple and easy to use. As such, there are some limitations:
+1. Two-factor authentication is not currently supported.
+2. There is no fine-grained control over user access to various resources.
+
+<Tip>
+    These limitations are only temporary and will be addressed in future versions of Cachet.
+</Tip>
