API Authentication & Access
A compelling and powerful reason to use TrackVia is the ease in which you can integrate it with your own applications, using our open API. Integrating your application with TrackVia extends the automation capabilities of the many apps you already use in your business. Today, TrackVia uses a OAuth mechanism to verify your identity before granting you access to our API. Yet, it’s cumbersome to create and manage the authorization tokens you would use in your integration - they expire, it’s hard to renew them and it requires you use a username / password to get access to the API.
Today, we’re happy to announce a new way of creating and managing authorization tokens within TrackVia. Our new “API Access” page under My Account gives our Super Admin users the ability to get their unique API key and to create up to 100 unique machine authorization tokens. We are giving you the ability to name each token, set any expiration date, deactivate them and/or delete them. This will provide extra security and a new way to manage your authorization tokens for all your different integrations.
Create an API User
Auth Tokens are tied to a new user account flag. The new flag is “API User”. A Super Admin that has access to user profiles can designate a user as an API User. Please note that designating a user as an API user will:
- Disable console access on both Web and Mobile. This means the user profile will not be able to use the TrackVia Web or Mobile application
- Bypass Single Sign On. The profile account will bypass your Single Sign On instance in order to prevent authorization tokens inadvertently expiring due to SSO policies
- Account will not expire. The account level password expiration policy will not apply to API User accounts. This is to prevent the integration associated with the auth token to inadvertently expire if the password expires.
There are several new and enhanced features in the new API Access page:
- Creation and retrieval of the API Key has moved from the primary account holders My Profile page to this new API Access page. There have been no changes to the usage or need for the API Key, i.e. it is still a critical component for accessing the API. This API Key should be passed as a user_key parameter in the header of your API requests.
- To generate your unique API Key, simply click the “Create API Key” button. The key will be displayed in the text area in the API Key section where it can be copied. Once a key has been generated, it cannot be changed or deleted.
API Auth Tokens
- The new page now includes the new Authorization Tokens section. This area is where Super Admin can create and manage up to 100 Authorization tokens.
- Tokens are created by clicking the “Create Auth Token” button. A modal window is presented where the token can be named, have an expiration date set and a user assigned to it.
- Note, available users are only those that have been designated as “API User”. This enables that specific account to be used for authentication for that token. It also allows all tokens to be disabled when that user account is disabled in the User Profile page.
- The expiration date can be set to any date in the future.
- Tokens will expire at Midnight UTC on the date selected.
- Once a token has been created, the token can be copied and used as needed for integrations.
- Individual tokens can be Deactivated by clicking the gear icon to the right of the token and selecting “Deactivate”
- Deactivated tokens can be re-activated by clicking the gear icon again and selecting “Resume”
- Once a token has been deactivated or it has expired, it can be deleted by clicking the gear icon and selecting “Delete”.
- Tokens that have expired cannot be reactivated or have a new expiration date set.