Why must I authenticate?
TrackVia uses Open Authorization (OAuth) Tokens to verify a user's identity and permission level before granting access to our API. This ensures account security by limiting API access and enforcing permissions. TrackVia provides Super Admin users the ability to create up to 100 unique authorization tokens, each with its own expiration date and, potentially, its own set of permissions.
To grant API access, follow the steps below to create Authorization Tokens.
Create an API User
To enable API access, users will first need to set up an API User. API Users are a special category of user and are used only for API connections and integrations. Designating a user as an API User means that user will:
- Be restricted from Web and Mobile access. API Users are unable to use either the TrackVia web or mobile applications.
- Bypass Single Sign On (SSO). API Users bypass SSO login in order to prevent their Authorization Tokens from inadvertently expiring due to SSO policies.
- Ignore password expiration policies. API Users are exempt from TrackVia password expiration policies.
- Be eligible for Authorization Token creation. Only API Users may be used to create Authorization Tokens.
- Have permissions managed like any other user. API Users will still need to be put in a properly configured role in order to have read, write, or delete permissions in an account.
Locate the API Key
To enable API access, navigate to the API Access tab under My Account.
The API Key is unique to your TrackVia account and is a critical component for accessing the TrackVia API. Once generated, it cannot be changed or deleted. It can be copied for use in an integration using the clipboard icon. This API Key should be used as the user_key parameter in the header of API requests.
Create Authorization Tokens
After creating at least one API User, Super Admins will be able to create authorization tokens by clicking Create Auth Token.
A window will open for the Super Admin to set the Token's name, API User, and Expiration Date. Once created, these values cannot be changed.
Only active users who are designated as API Users will be shown in this window.
The expiration date can be any date in the future. The token will expire at Midnight UTC on the date selected.
Once created, Auth Tokens can be copied using the clipboard icon and used in Integrations and Microservices. They can be turned off by clicking the gear icon and selecting Deactivate.
Inactive or expired tokens can be deleted by clicking the gear icon. While inactive tokens may be reactivated, expired tokens cannot be re-used.