API - do I really need to be an owner?

I’m not sure I can even do this with the API. Any help is appreciated, even if it’s a pointer to the relevant docs.

I’ve been asked to run up some basic tasks via API - report on the number of users, for example.

Reading the docs [1] it seems to state I need to be an administrator with owner privileges.

This is so bonkers I can’t really believe it.

As I understand it, having the owner role allows one to access billing information, which is a role that we - and probably most orgs - restrict to managers. I don’t know about your manager but mine is too busy doing manager stuff to worry about cranking out the bits to use an API.

Surely there is another way.

[1] Duo Admin API | Duo Security

A new Duo Admin API application can only be created by an admin with the “Owner” admin role. Once they create the applications and assign whatever permissions they want the API application to have, anyone they pass the info to can use the API application creds to contact the API to pull information.

  1. Find a Duo admin in your org.
  2. Have them create the Admin API application with whatever you need (like, if you are getting info on users then it needs “read resource”).
  3. They give you the keys for that application.
  4. You create and run your API reports. You need never talk to the Duo owner again about it, unless you need something updated in the application (different perms, or secret key reset).