US 12,225,019 B2
System for enforcing least privileged API access with dynamically scoped identification and access tokens
Sumedh Wasudeo Sathaye, Austin, TX (US); Yi Fang, Sharon, MA (US); Yidong Wang, Weston, MA (US); Ranjit Kollu, Norfolk, MA (US); Murali Kadala Keloth, Austin, TX (US); David Scott Thompson, West Hollywood, CA (US); and Ching-Yun Chao, Austin, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Jul. 11, 2023, as Appl. No. 18/220,629.
Prior Publication US 2025/0023878 A1, Jan. 16, 2025
Int. Cl. H04L 9/40 (2022.01); G06F 9/54 (2006.01)
CPC H04L 63/105 (2013.01) [G06F 9/547 (2013.01); H04L 63/083 (2013.01); H04L 63/20 (2013.01)]
20 Claims
 
1. A computer-implementable method for performing a data center monitoring and management operation, comprising:
establishing a secure connection between a data center asset contained within a data center and connectivity management system of a data center monitoring and management console, the data center monitoring and management console includes an application programming interface (API) access management system, the API access management system performing an API access management operation, the API access management operation managing authorized access to a particular API;
generating a request for a client identifier or an access token for access to a target API by a user, the target API being associated with the data center asset;
providing the request for the client identifier or the access token to the API access management system;
obtaining an access policy associated with the target API, the access policy identifying access permissions associated with the user;
determining a least privileged API access permission based upon the access policy associated with the target API; and,
using the client identifier or access token to access the target API when the least privileged API access permission allows access to the target API.
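
The steps of claim 1, read as code: an added illustration, not the patent's or the assignee's implementation. The policy table, the asset and user names, the HMAC-signed token format, and the rule that "least privileged" means the intersection of requested and policy-granted operations are all assumptions made for this example.

```python
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real issuer uses a managed key

# Constructed access policy (assumed shape): target API -> user -> permitted operations.
ACCESS_POLICY = {
    "asset-42/telemetry": {"alice": {"read"}, "bob": {"read", "configure"}},
}

def least_privileged_scope(user, target_api, requested):
    """Narrow the request to what the policy grants this user on this API."""
    granted = ACCESS_POLICY.get(target_api, {}).get(user, set())
    return set(requested) & granted

def issue_token(user, target_api, requested, ttl=300, now=None):
    """Return a signed token bound to one API and the narrowed scope, or None."""
    scope = least_privileged_scope(user, target_api, requested)
    if not scope:
        return None  # nothing requested is permitted: issue no token at all
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": target_api, "scope": sorted(scope), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig

def authorize(token, target_api, operation, now=None):
    """API-side check: signature, then audience, expiry and the operation."""
    try:
        body_hex, sig = token.split(".")
        body = bytes.fromhex(body_hex)
    except (AttributeError, ValueError):
        return False  # malformed or missing token
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # tampered body or wrong key
    claims = json.loads(body)
    now = time.time() if now is None else now
    return (claims["aud"] == target_api and claims["exp"] > now
            and operation in claims["scope"])
```

Because the scope is narrowed at issuance, a user whose policy grants more than the request still receives a token covering only the requested operations.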