Managing an API Token for your Account

    Thursday, October 5, 2023In: Account & User Settings Print

    About API Tokens

    This article describes the use of API Tokens, based on OAuth 2.0 authentication protocol, as a means to access our APIs

    IMPORTANT: Your API token needs to be treated as securely as any other type of password. Make sure to store this token in a safe and secure location.  

    Rules for Using API Tokens

    You must update your API scripts with our new domain.
    • Tokens will automatically expire and be deleted after 180 days (regardless of whether the token was in use, or not). Once expired and deleted, the token will not be available to the user, and the user account will not have access to our APIs. Therefore, API tokens must be revoked and regenerated, before they expire.
    • Only one API token can exist, for any user, at any one time.
    • After generating a new API token, insert the new access key generated, into the script in the API. See our API documentation
    • API tokens are cross-regional (one API token for all regions). The user’s access is determined by his role and the Business Units he belongs to. 
    • If you need to disable the API Token option (to limit access by users), contact support. 

    Creating an API Token

    NOTE: If the API token options aren't available on your profile, contact your Master Admin. 

    To create an API token:

    1. Sign in to your account              
      (see Signing In).
    2. From the user dropdown menu on the upper right-hand corner, go to Edit Profile.  

    1. At the bottom of the API Token section, click Generate

    1. The New API Token dialog box appears.           

                
       
    2. The newly generated personal API Token appears (hidden) in the field.            
      If you want to view the hidden API token string, click the view icon (optional)
    3. Click Copy to copy the token into your clipboard.    
    NOTE: For security reasons, the token appears only once. You are not able to see the token again, after the dialog box closes! Therefore, make sure to store the token in a safe and secure location. 
    1. An email will be sent to the user, confirming the creation of a new API Token.                    
    2. After generating a new API token, insert the new access key generated into the script in the API. See our API documentation.

    Revoking an Existing API Token        

    NOTE: Do not confuse revoking an API token in the application with revoking an OAuth token in Salesforce, which is a different procedure serving a different purpose.  For information on how to revoke OAuth tokens in Salesforce, see here.

    To replace an existing API Token in your account, you must first revoke the existing API token (since only one API token can exist at any given time, for any user). 

    1. Sign in to your account (see Signing In).
    2. From the user dropdown menu on the upper right-hand corner, go to the Edit Profile page, and click Revoke.

    1.  The Revoke API token confirmation dialog box appears.

    1. Read the warning message, and then click Revoke, to confirm revoking the API token.
    NOTE: Revoking an API Token is not reversible, and the API token is revoked across all of your regions.
    1. You receive an email message confirming that your API token has been revoked.

     

     


     

    « Previous ArticleNext Article »


    Privacy & Security StatementTerms & Conditions
    Copyright © 2024 by Own - All rights reserved.