Why must I authenticate?
TrackVia uses Open Authorization (OAuth) Tokens to verify a user's identity and permission level before granting access to our API. This ensures account security by limiting API access and enforcing permissions. TrackVia provides Super Admin users the ability to create up to 100 unique authorization tokens, each with it's own expiration date and, potentially, it's own set of permissions.
To grant API access, follow the steps below to create Authorization Tokens.
Create an API User
To enable API access, users will first need to set up an API User. API Users are a special category of user and are used only for API connections and integrations. Designating a user as an API User means that user will:
- Have no Web or Mobile access to TrackVia. API Users are unable to use either the TrackVia web or mobile applications.
- Bypass Single Sign On (SSO). API Users bypass SSO login in order to prevent their Authorization Tokens inadvertently expiring due to SSO policies.
- Ignore password expiration policies. API Users are exempt from TrackVia password expiration policies in order to prevent the integration associated with their Authorization Token from accidentally expiring.
- Be eligible for Authorization Token creation. Only API Users may be used to create Authorization Tokens using the process described here.
- Have permissions managed like any other user. API Users will still need to be put in a properly configured role in order to have read, write, or delete permissions in an account.
Create an API Key
To enable API access, navigate to the API Access tab under My Account.
From this screen, first create an API Key. The API Key is unique to your TrackVia account and is a critical component for accessing the TrackVia API. Once generated, it cannot be changed or deleted. It can be copied for use in an integration using the clipboard icon. This API Key should be used as the user_key parameter in the header of API requests.
Create Authorization Tokens
After creating an API Key and at least one API User, Super Admins will be able to create Authorization Tokens. Create Tokens by clicking the Create Auth Token button.
A window will open for the Super Admin to set the Token's name, API User, and Expiration Date. Once created, these values cannot be changed.
Only active users designated as an API User will be shown in this window.
The expiration date can be any date in the future and will expire at Midnight UTC on the date selected.
Once created, Auth Tokens can be copied using the clipboard icon and used in Integrations. They can be deactivated by clicking the gear icon.
Deactived or expired tokens can be deleted by clicking the gear icon. While deactivated tokens may be reactivated, expired tokens may not. Replace expired tokens with a new Auth Token.
For more information, please consult our developer documents at https://developer.trackvia.com or contact TrackVia Support at firstname.lastname@example.org.