✓ Solved

Mastodon setup Linode API Token Permissions?

When I go to set up a new Mastodon instance, I am following the instructions here: https://www.linode.com/docs/products/tools/marketplace/guides/mastodon/

When I get to the step of selecting Mastodon from the App Marketplace, it opens up a form with a number of fields, including one for a Linode API Token. I then go to the API Tokens page for my account profile.

The problem is that the Linode Mastodon documentation does not tell me in detail what kind of token to create (Personal vs Third-Party Access), what permissions are needed for it, and what to set the expiration to. I would presume it is a Personal token, and the expiration should be set to Never, since I don't see any method in the Mastodon setup to automatically renew the token when it expires. If that is the case, then all I would need is the precise permissions it needs. I presume it will at least need the Domains read/write permission, since the setup documentation mentions needing to manage DNS records for Let's Encrypt, but is that all it needs? I try to be security-conscious, so I don't want to give it anything more than what it needs to function. I do plan on adding Object Storage for it, so would I also need to give it R/W for that? Anything else?

I would like to suggest adding this to the Mastodon setup documentation, as I can't imagine other Linode/Mastodon newbies will be able to figure it out easily, either.

1 Reply

✓ Best Answer

You are correct that in this instance you should create a Personal Access Token, not a third-party or an Object Storage (OBJ) access key.

Functionally, this API key is only creating your Mastodon server's DNS records during deployment. This means that you could create a single-use key with DNS Read-Write permissions that you delete immediately after deployment if you don't want to create a key with a long expiration or more permissions than necessary.

When it comes to integrating OBJ, you will need a separate Access Key (different than the permissions granted with an API key with OBJ permissions) and will want to be more careful since this key needs to persist as long as you need to grant bucket access. For more information about how to integrate Mastodon and Linode's Object storage, be sure to check out the following guide:

Let's Encrypt/Certbot handles the SSL certificate generation and renewal separately and should automatically renew on its own.
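The approach from the answer above, as an added example that is not part of the original thread or of Linode's documentation: it builds the Linode API v4 requests for a short-lived token limited to `domains:read_write`, builds the request that deletes it afterwards, and audits a token record for excess scope or lifetime. The function names, the label, the 24-hour threshold and the sample records are hypothetical, and the `expiry` field is assumed to be a UTC timestamp in the format shown.

```python
from datetime import datetime, timedelta, timezone

API = "https://api.linode.com/v4"
NEEDED = {"domains:read_write"}  # the only permission the answer says deployment uses
FMT = "%Y-%m-%dT%H:%M:%S"        # assumed timestamp format of the API's "expiry" field


def token_request(label, hours, now):
    """Build (method, url, body) for a token limited to Domains read/write."""
    expiry = (now + timedelta(hours=hours)).strftime(FMT)
    body = {"label": label, "scopes": " ".join(sorted(NEEDED)), "expiry": expiry}
    return "POST", f"{API}/profile/tokens", body


def revoke_request(token_id):
    """Build the request that deletes the token once deployment has finished."""
    return "DELETE", f"{API}/profile/tokens/{int(token_id)}", None


def audit(token, now, max_hours=24):
    """Return findings for a token record; an empty list means it fits the plan."""
    findings = []
    scopes = set((token.get("scopes") or "").split())
    if "*" in scopes:
        findings.append("grants full account access (*)")
    else:
        if scopes - NEEDED:
            findings.append("unneeded scopes: " + ", ".join(sorted(scopes - NEEDED)))
        if NEEDED - scopes:
            findings.append("missing scopes: " + ", ".join(sorted(NEEDED - scopes)))
    expiry = token.get("expiry")
    if expiry is None or datetime.strptime(expiry, FMT) - now > timedelta(hours=max_hours):
        findings.append(f"valid for more than {max_hours}h")
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    print(token_request("mastodon-deploy", 2, now))
    # Constructed token records, shaped like the API's token objects.
    samples = [
        {"id": 1, "scopes": "*", "expiry": None},
        {"id": 2, "scopes": "domains:read_write linodes:read_write",
         "expiry": (now + timedelta(hours=1)).strftime(FMT)},
    ]
    for t in samples:
        print(t["id"], audit(t, now) or "ok", revoke_request(t["id"]))
```

The functions only build and check data; sending the requests needs an HTTP client and a separate credential allowed to manage tokens on the account.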
