We've deprecated support for Heroku API Key-based integration. Existing Heroku accounts in our system will continue to work for a while. However, when reauthorizing existing Heroku account integrations, you will have to upgrade to OAuth. Once you've upgraded, the old Heroku API Key will be removed from our system. All new Heroku API integrations will use OAuth exclusively.
Switching over to OAuth improves reliability, security, privacy and convenience. Benefits of switching to OAuth include:
- HireFire receives a dedicated access token which it uses to perform the necessary API calls against your account. The access token isn't used for multiple services, unlike the previous Heroku API Key which might be used to integrate multiple non-HireFire services (i.e. your own scripts).
- The Heroku API Key provided full access to your account, but with OAuth we're able to limit our access scope. We use the write scope which is the bare minimum we need to provide our autoscaling service. This prevents HireFire from being able to access sensitive information such as your configuration variables.
- Authorization for HireFire can be revoked at any given time from the Heroku Dashboard without affecting any of your other services that might've otherwise become unauthorized due to the fact that they shared the same token.
- No expiration. Access through OAuth allows us to continue our service without interruption unless authorization for HireFire is explicitly revoked by you. Previously, updating your Heroku password or enabling two-factor authentication on Heroku resulted in the regeneration of your Heroku API Key, and therefore the invalidation of the previous key. This is no longer an issue with our OAuth integration.