API Authentication

From Charitylog Manual
Revision as of 09:24, 19 June 2020 by Msim (talk | contribs) (API Keys)
Jump to: navigation, search

Go to API overview

Helpheader small.png

API Access Overview

API access requires being a user of the system. A user in this context is anyone who has access to your data. Each user has a 2 tabs on their record which control this:

  • The Website and Call-round Access tab controls access to your data via our website, and/or our mobile app, Call Round.
  • The 3rd Party Systems tab controls the access to your data that other systems have via the API

Using this approach, there are 3 possibilities:

  • Website/Call-round access only. This will be most users of the system doing day-to-day tasks
  • API access only. This could be to migrate data in from other systems, reporting dashboards etc
  • Both. An example of this would be if Alice sometimes logs in via the website, and sometimes using a 3rd party app. Alice's access controls are the same in both situations, i.e. she will have the same access to branches, projects and fields.

API Keys

Instead of a user name and password, the API grants access based on three headers:

  • Source. Identifies the 3rd party software provider. If Example Software Ltd supplies a number of Dizions clients, they will use the same Source key for all requests. The Source key is provided, and periodically updated, via text message.
  • Org. Identifies the charity or company, and the system type. So Example Charity's Live system will have a different Org key to Example Charity's Training system
  • User. Identifies the user within the charity or company.

Managing users

The settings on a user record (User Group, project access, branch access etc.) control what a user can see and do. This is broadly the same whether the user is using the website or the API. Remember, that as a system administrator, you are responsible for controlling who has access to your data, whether via the website, Call-round or a 3rd party application. Switching off a user is the same regardless - make them inactive on their General Details tab. To create a new API user: 

* In the web application, click the Settings Cog > User Access > Users. Click Create New User
* Fill in the General User Details as normal
* On the Website Access tab, consider un-ticking the Charitylog / Crossdata if you want this user to only access your data through the API
* Save the record
* On the 3rd Party Systems tab
Retrieved from ‘https://wiki.dizions.co.uk/index.php?title=API_Authentication&oldid=12933