PeeringDB to require MFA and API keys

By on 24 Mar 2025

Category: Tech matters

Tags: , ,

Blog home

PeeringDB is a freely available, user-maintained database that serves as the go-to resource for interconnection data worldwide. It supports the global interconnection of networks at Internet Exchange Points (IXPs), data centres, and other interconnection facilities, making it the first stop for anyone making interconnection decisions.

Starting 1 July 2025, PeeringDB will introduce a mandatory second factor to enhance security and protect user accounts. If you use the PeeringDB API for automated updates, you will also need to use an API Key.

Importantly, anonymous usage is not affected by this change — you will still be able to query the website or API without authentication. However, users who make updates or access contact information will be required to implement Two-Factor Authentication (2FA).

To make this transition smoother, we have streamlined the user interface with a single control page for managing second factors. You can choose from the following 2FA options:

  • Time-Based One-Time Password (TOTP)
  • Universal 2nd Factor (U2F) tokens
  • Passkeys

We encourage all users to update their settings and ensure they are prepared for the upcoming changes.

Figure 1 — U2F hardware authentication security keys, Tony Webster, CC BY 2.0.
Figure 1 — U2F hardware authentication security keys, Tony Webster, CC BY 2.0.

Users can set up multiple second factors for added flexibility. For example, you can use both a TOTP app on your phone and a U2F token. To ensure continued access if your usual methods are unavailable, you can also download and securely store backup codes.

Some organizations may need to transition users from shared role accounts to personal accounts. There is no limit to the number of accounts an organization can have, and our system provides tools to manage permissions for individual users effectively.

Figure 2 — Permissions tab in the ‘organization’ view.
Figure 2 — Permissions tab in the ‘organization’ view.

If you use our API to automate updates or access contact details, you’ll need an API key.

To make things easier if you lose a credential, we offer self-service account recovery. Just click the link on the login page, and we’ll send you an email with recovery instructions (Figure 3).

Figure 3 — Self-service account recovery starting point.
Figure 3 — Self-service account recovery starting point.

All users can get support by emailing support@peeringdb.com.

If you have suggestions to improve PeeringDB, feel free to share them on our low-traffic mailing lists or create an issue directly on GitHub. If you come across a data quality issue, just let us know through the same support email.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Top