Difference between revisions of "API Authentication"
(→Heading) |
Line 1: | Line 1: | ||
[[File:helpheader_small.png|right]] | [[File:helpheader_small.png|right]] | ||
− | = | + | =API Access Overview= |
API access requires being a user of the system. A user in this context is anyone who has access to your data. Each user has a 2 tabs on their record which control this: | API access requires being a user of the system. A user in this context is anyone who has access to your data. Each user has a 2 tabs on their record which control this: | ||
* The Website and Call-round Access tab controls access to your data via our website, and/or our mobile app, Call Round. | * The Website and Call-round Access tab controls access to your data via our website, and/or our mobile app, Call Round. | ||
Line 9: | Line 9: | ||
* Both. An example of this would be if Alice sometimes logs in via the website, and sometimes using a 3rd party app. Alice's access controls are the same in both situations, i.e. she will have the same access to branches, projects and fields. | * Both. An example of this would be if Alice sometimes logs in via the website, and sometimes using a 3rd party app. Alice's access controls are the same in both situations, i.e. she will have the same access to branches, projects and fields. | ||
+ | =How do I access the system via the API?= | ||
Instead of a user name and password, the API grants access based on three headers: | Instead of a user name and password, the API grants access based on three headers: | ||
* Source. Identifies the 3rd party software provider. If Example Software Ltd supplies a number of Dizions clients, they will use the same Source key for all requests. The Source key is provided, and periodically updated, via text message. | * Source. Identifies the 3rd party software provider. If Example Software Ltd supplies a number of Dizions clients, they will use the same Source key for all requests. The Source key is provided, and periodically updated, via text message. | ||
* Org. Identifies the charity or company | * Org. Identifies the charity or company | ||
− | * User. Identifies the user within the charity or company | + | * User. Identifies the user within the charity or company. |
Currently, a user name and password are still required, even if the user has no website access. In the case, they can be made-up, and immediately forgotten. Removing the tick from their website access would prevent them logging in, even if they knew their password. | Currently, a user name and password are still required, even if the user has no website access. In the case, they can be made-up, and immediately forgotten. Removing the tick from their website access would prevent them logging in, even if they knew their password. | ||
+ | =API Access Overview= | ||
+ | The settings on a user record (User Group, project access, branch access etc.) control what a user can see and do. This is broadly the same whether the user is using the website or the API. | ||
Remember, that as a system administrator, you are responsible for controlling who has access to your data, whether via the website, Call-round or a 3rd party application. Switching off a user is the same regardless - make them inactive on their General Details tab. | Remember, that as a system administrator, you are responsible for controlling who has access to your data, whether via the website, Call-round or a 3rd party application. Switching off a user is the same regardless - make them inactive on their General Details tab. |
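Review bot: the heading added above the "The settings on a user record" paragraph, "=API Access Overview=", repeats the title this same revision gives the first section, so the page ends up with two identically named sections and links to that section name become ambiguous. Name the new section for what its paragraph covers, for example "=Access Controls=". The added paragraph also says access is only "broadly the same" between the website and the API; list the cases where the API behaves differently, since administrators rely on this page to decide who can reach their data.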
Revision as of 16:41, 9 April 2020
API Access Overview
API access requires being a user of the system. A user in this context is anyone who has access to your data. Each user has 2 tabs on their record which control this:
- The Website and Call-round Access tab controls access to your data via our website, and/or our mobile app, Call Round.
- The 3rd Party Systems tab controls the access to your data that other systems have via the API.
Using this approach, there are 3 possibilities:
- Website/Call-round access only. This will be most users of the system doing day-to-day tasks.
- API access only. This could be to migrate data in from other systems, reporting dashboards etc.
- Both. An example of this would be if Alice sometimes logs in via the website, and sometimes using a 3rd party app. Alice's access controls are the same in both situations, i.e. she will have the same access to branches, projects and fields.
How do I access the system via the API?
Instead of a user name and password, the API grants access based on three headers:
- Source. Identifies the 3rd party software provider. If Example Software Ltd supplies a number of Dizions clients, they will use the same Source key for all requests. The Source key is provided, and periodically updated, via text message.
- Org. Identifies the charity or company.
- User. Identifies the user within the charity or company.
Currently, a user name and password are still required, even if the user has no website access. In that case, they can be made up and immediately forgotten. Removing the tick from their website access would prevent them logging in, even if they knew their password.
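One way a 3rd party client could attach the three headers described above (an added example, not the page's or Dizions' own code): the keys are read from the environment on every call, so the periodically updated Source key can be replaced without a code change, they are only attached to HTTPS URLs, and they are masked before logging. The environment variable names and the URL are assumptions, and the key values are constructed.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Header names are the three this page lists; the environment variable
# names are assumptions made for this example.
HEADER_ENV = {"Source": "API_SOURCE_KEY", "Org": "API_ORG_KEY", "User": "API_USER_KEY"}


def load_api_headers(env=os.environ):
    """Read the keys at call time, so a rotated Source key needs no code change."""
    headers, missing = {}, []
    for name, var in HEADER_ENV.items():
        value = env.get(var, "").strip()
        if not value:
            missing.append(var)
        elif any(ch.isspace() or ord(ch) < 0x20 for ch in value):
            # Reject embedded CR/LF and other control characters (header injection).
            raise ValueError(f"{var} contains whitespace or control characters")
        else:
            headers[name] = value
    if missing:
        raise RuntimeError("missing API keys: " + ", ".join(missing))
    return headers


def build_request(url, env=os.environ):
    """Build (not send) a GET request; refuse to attach keys to a non-HTTPS URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API keys must only be sent over HTTPS")
    return urllib.request.Request(url, headers=load_api_headers(env), method="GET")


def redact(headers):
    """Copy of the headers that is safe to log: key values masked except the last 4 chars."""
    def mask(value):
        return "*" * len(value) if len(value) <= 4 else "*" * (len(value) - 4) + value[-4:]
    return {k: mask(v) if k in HEADER_ENV else v for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample keys and a placeholder URL; nothing is sent.
    sample = {"API_SOURCE_KEY": "src-constructed-1234", "API_ORG_KEY": "org-constructed-5678",
              "API_USER_KEY": "usr-constructed-9012"}
    req = build_request("https://api.example.invalid/v1/records", sample)
    print(redact(dict(req.header_items())))
```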
API Access Overview
The settings on a user record (User Group, project access, branch access etc.) control what a user can see and do. This is broadly the same whether the user is using the website or the API. Remember that, as a system administrator, you are responsible for controlling who has access to your data, whether via the website, Call-round or a 3rd party application. Switching off a user is the same regardless: make them inactive on their General Details tab.