Preventing outages from API tokens at Fastly
Timeline: January 2022 - October 2022
I led product design and ux research alongside two engineering teams and a product manager.
Authentication tokens are tied to human user accounts and are subjected to user account lifecycle management. For example, when an employee leaves the company, their user account and associated tokens are revoked. Using these tokens in automated processes can lead to outages when tokens are suddenly revoked, costing our customers downtime.
Admins auditing these tokens can run into compliance issues not knowing who triggered certain events. Customer retention depended on this feature being shipped.
In close collaboration with both engineering teams and the product manager, we designed and shipped a service accounts API and UI beta in October 2022. Service accounts are used to enable non-human clients, such as continuous integration and build systems, to perform actions via the Fastly API. Customers can now programmatically create and manage service accounts.
Engineering and I designed and shipped new audit log filtering for specific IDs (e.g. service and token) for increased auditability of account events. In addition, we designed and shipped an accessible design system component variant enabling a common bulk action, now used across multiple product lines.
Without a product manager during mission critical stages of the project, I took on a cross-functional leadership role and partnered with engineering management. I recommended we add features to the scope that improved the existing authentication token experience. We were able to ship those in general availability in October 2022, improving the auditing experience for our entire customer base.