Upcoming Security Enhancement: Stricter Access Control Enforcement on Fastly API
10 June 2025, 15:00 UTC
As part of our ongoing commitment to security and to meeting compliance standards, we are implementing stricter access control enforcement across our platform. This change enhances customer data protection and aligns our platform with industry best practices.
All customer accounts are anticipated to be impacted by this change. The sections below describe how it applies to your services and what actions you should take to avoid an undesired customer experience.
Fastly will be performing maintenance on our Security Console & API platform on the 10th of June 2025 from 15:00 to 16:00 UTC (~60 minute duration).
What’s Changing?
We are updating the GET https://api.fastly.com/user/{user ID}/ API endpoint in manage.fastly.com to implement more rigorous enforcement of permission checks. Specifically, users' data access will be further restricted based on role privileges (e.g. only superusers can retrieve information about other superusers).
What’s next? What do I have to do?
Integrations or automations that currently utilize the API endpoint, GET https://api.fastly.com/user/{user ID}/, in manage.fastly.com may be affected if they assume broader access than permitted by their role.
We request that customers review their current API usage by the 9th of June 2025 to ensure that only users with the required roles are utilizing this endpoint. Performing this review will prevent requests from users without the appropriate permissions from receiving a 403 authorization error.
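One way to carry out the review requested above, as an added example that is not Fastly code: it inventories which callers issue GET /user/{user ID} requests and which of them already receive a 403. The log layout, caller names and user IDs are constructed assumptions; adapt the parsing to your own HTTP client or egress proxy logs.

```python
import re
from collections import defaultdict

# Matches the endpoint named in the notice: GET https://api.fastly.com/user/{user ID}/
# A missing trailing slash and a query string are tolerated; deeper paths are not matched.
USER_ENDPOINT = re.compile(
    r"^(?:https://api\.fastly\.com)?/user/(?P<user_id>[^/?\s]+)/?(?:\?\S*)?$"
)

# Constructed sample input. Assumed layout: "<timestamp> <caller> <method> <url> <status>"
SAMPLE_LOG = """\
2025-06-02T09:14:07Z deploy-bot GET https://api.fastly.com/user/EXAMPLEID1/ 200
2025-06-02T09:14:09Z deploy-bot GET https://api.fastly.com/service/EXAMPLESVC/version 200
2025-06-02T10:02:41Z audit-report GET https://api.fastly.com/user/EXAMPLEID2 200
2025-06-03T11:30:00Z audit-report GET https://api.fastly.com/user/EXAMPLEID2/ 403
2025-06-03T11:31:12Z onboarding PUT https://api.fastly.com/user/EXAMPLEID3 200
2025-06-03T12:00:00Z dashboard GET https://api.fastly.com/current_user 200
malformed line without enough fields
"""


def inventory_user_lookups(log_text):
    """Return {caller: {"calls", "denied", "user_ids"}} for GET /user/{user ID} requests."""
    report = defaultdict(lambda: {"calls": 0, "denied": 0, "user_ids": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        _timestamp, caller, method, url, status = fields
        match = USER_ENDPOINT.match(url)
        if method != "GET" or not match:
            continue  # the notice covers only GET on this endpoint
        entry = report[caller]
        entry["calls"] += 1
        entry["user_ids"].add(match.group("user_id"))
        if status == "403":
            entry["denied"] += 1  # caller's role no longer permits this lookup
    return dict(report)


if __name__ == "__main__":
    for caller, entry in sorted(inventory_user_lookups(SAMPLE_LOG).items()):
        print(f"{caller}: {entry['calls']} call(s), {entry['denied']} denied, "
              f"user IDs: {sorted(entry['user_ids'])}")
```

Callers listed in the output are the integrations whose role assignments need checking before the change; any with a non-zero denied count are already being rejected.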