Working with existing API partners

From Charitylog Manual
Revision as of 14:33, 10 July 2024 by Msim (talk | contribs)
Jump to: navigation, search

Go to API overview

If you are working with a 3rd party software company or your national body, who has used our API before, all you need to do is create a user for them, and provide them with the API keys. The process is the same if you are confident with APIs and are trying out the Example Integration. For a detailed explanation, see API Authentication.

1. Purchase the API module. For national reporting frameworks, your national body will have done this for you, please email admin@dizions.co.uk to ask them to enable the API.

2. Create a new user. An API user has the same access controls as a user of the web application, with the exception of "See my own clients" restrictions. You may want to create a dedicated user group for this, called API Users or similar. See Users for more detail.

3. Consider un-ticking the box on the CRM Access section, if you only want this user to have access to your data through the API, and not through logging in on our website. A password is required regardless, which can just be made up and forgotten, as the API user will use keys for authentication instead.

4. On the 3rd Party System Access section, tick the name of the 3rd party you are working with. This will generate the API keys, then click the Reveal Key button, and provide them with the keys. Remember that keys need treating with the same level of security as passwords. If you want to change the keys at any point, un-tick the box, and tick it again.

5. On the Fields Visible section, it's generally advisable to change the "How should the fields be derived?" box to User. This simplifies the Field Set access, and enables you to simply specify which this user will have access to.

Remember that as a system administrator, you are responsible for controlling the access rights of all your users, including API users, to ensure they only have access to the data you want them to see, and that they are made inactive when they no longer require access.

The following webinar will explain in more detail how this can be set up