Roles and Access Control for API Keys

Introduction

API keys can be used not only for authentication, but also to manage access to system resources and apply restrictions on such access. This is done via assigning of roles to API keys. Roles must be associated with specific system resources such as models and applications.

Refer to API Keys to learn more.

Step 1: Create API Key

You can define API keys in DIAL Core dynamic settings in the keys section.

Refer to Create API Key to see details.

Step 2: Assign Roles (Required)

You can define roles in DIAL Core dynamic settings in the roles section.

Refer to Assign role(s) to see details.

Step 3: Configure Access and Restrictions

In the roles section of the DIAL Core dynamic settings, you can also include optional sharing and token usage limits for roles.

Note: If limits are not configured the access is unlimited.

In the following example, we define the basic role with limits for the chat-gpt-35-turbo model and sharing limits for applications and files.

Refer to dynamic settings to see other configuration options for roles.

//Example extract from aidial.config.json
"keys": {
    "proxyKey1": { //API key
        "project": "Project1",
        "role": "basic" // the name of the role
    }
},
"roles": {
    "basic": { // the name of the role
        "limits": {
            "chat-gpt-35-turbo": {
            "minute": "100000", //number of tokens per minute
            "day": "10000000", //number of tokens per day
            "week": "10000000", //number of tokens per week
            "month": "10000000", //number of tokens per month
            },
        "share": {
            "APPLICATION": {
                "invitation_ttl": "24",
                "max_accepted_users": "10"
                },
            "FILE": {
                "invitation_ttl": "24",
                "max_accepted_users": "10"
                }
            }
        }
    }
}