You can now create, manage and set permissions for your API credentials, giving you more control over your data so you can develop on top of Sedna with confidence. Additionally, industry-standard OAuth 2.0 can now be used to authenticate and access Sednaʼs public API.
How it works
Enable and access
IT Support Users can enable this feature for themselves and other users in their organisation in Settings:
- Navigate to User Settings by clicking on your name in the bottom left-hand corner
- Select "Manage Users"
- Select the User Profile for yourself or another user
- Click on "Roles" Tab
- Toggle on “Manage API Credentials” to enable the feature
It can be disabled by going through the same steps as above and toggling it back off.
To see the new API Credential Management page and see any newly applied user roles, the user must log out and log back in (or log in after their session has expired).
Once enabled, users can access their API credentials by going to Settings > API Credentials Management.
Creating new API Credentials
- On the API Credentials Management page, click the “+ API Credential” button
- Enter the desired information into each field:
  - Name: The identifying name of the API Credential, visible only in the API Credential Management page. Choose something that briefly describes the purpose of the credential.
  - Expiry: The date a credential will be invalidated. The expiry date can be up to one year from its creation date. After this, it will no longer be able to access any data through Sedna APIs.
  - Permissions: Using the tick boxes, select which endpoints the credential will have access to and the permission level for each. Any left unselected means the generated credential will not be able to access the endpoints which require those permissions. To know which endpoints you require for your credential, visit the Sedna Developer Docs.
  - Notes: Text field where you can add any details about the API credential, such as more details on the purpose of the credential or any relevant contact information. We highly recommend that you enter a clear description of the purpose for the key as you create it.
- When you are done, click “Create” at the bottom of the page
Once complete, your new credential will be provided in the form of two items:
- Client ID
- Client Secret
🚨 Important Note:
**The Client Secret will only be shown once at the time of creation. It is your responsibility to take note and safely store your Client Secret elsewhere.**
Setting Permissions for new API credentials
For each API Credential, you can define which endpoints it will have access to i.e. the information it can push into and out of your Sedna. If you want to enable all available permissions, toggle on “All” at the top of the table.
Tip: Although you can enable all permissions, it is best practice to set the minimum required to build your application. It is recommended that you review the endpoints in our Developer Docs that you require for your credential and make a note of what permissions are associated with them before you create a credential.
Available Permissions

API | Read | Write | Delete |
--- | --- | --- | --- |
Category Tag | ✅ | ✅ | ✅ |
Comments | ✅ | ❌ | ❌ |
Company Details | ✅ | ❌ | ❌ |
Contact | ✅ | ✅ | ✅ |
Document | ✅ | ❌ | ❌ |
Event | ✅ | ❌ | ❌ |
Job Reference | ✅ | ✅ | ✅ |
Keyword | ✅ | ✅ | ✅ |
Message | ✅ | ✅ | ✅ |
Saved Search | ✅ | ✅ | ✅ |
Team | ✅ | ✅ | ✅ |
Template | ✅ | ❌ | ❌ |
User | ✅ | ✅ | ✅ |
Workflows | ✅ | ✅ | ✅ |
When viewing permissions for an existing credential, you will see an overview of its characteristics, permissions and notes.
Authentication method
When calling on Sednaʼs Public APIs using your newly generated credential you must use the OAuth 2.0 authentication method.
This authentication method is considered the industry standard for security and follows the OAuth 2.0 Client Credentials flow. To use it:
- Call the OAuth token endpoint (also found in the Developer Docs) to retrieve a JWT. Add the following to the body of the request:
  - Client ID
  - Client Secret
  - Grant_type (this will always be “client_credentials”)
  - Scope (this can be left blank or specified)
- A 200 response from this endpoint will return a 60-minute JWT authorised to access the endpoints associated with your credential, or the endpoints specified by the permissions in your scope
- Once it expires, request a new token using the same token generation endpoint
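The following client is an added example and not Sedna's own code: it builds the client-credentials request body exactly as listed above, caches the returned JWT, and fetches a fresh one shortly before the 60-minute lifetime ends. The token URL is a placeholder (the real one is in the Developer Docs), and a form-encoded request with a JSON reply containing `access_token` (and optionally `expires_in`) is assumed.

```python
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict

# Placeholder: the real token endpoint is listed in the Sedna Developer Docs.
TOKEN_URL = "https://<your-sedna-host>/oauth/token"
DEFAULT_LIFETIME = 3600  # the article states a JWT is valid for 60 minutes


def build_token_request(client_id: str, client_secret: str, scope: str = "") -> Dict[str, str]:
    """Body of the client-credentials request, with the four fields the article lists."""
    body = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": "client_credentials"}
    if scope:  # blank scope = JWT inherits every permission of the parent credential
        body["scope"] = scope
    return body


def post_form(body: Dict[str, str]) -> dict:
    """Real HTTP call (assumes a form-encoded request and a JSON reply)."""
    data = urllib.parse.urlencode(body).encode()
    req = urllib.request.Request(TOKEN_URL, data=data, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Keeps one JWT and requests a new one before it expires (minus a safety skew)."""

    def __init__(self, fetch: Callable[[Dict[str, str]], dict], client_id: str,
                 client_secret: str, scope: str = "", skew: int = 60,
                 clock: Callable[[], float] = time.time):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._request = build_token_request(client_id, client_secret, scope)
        self._token, self._expires_at = None, 0.0

    def token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            reply = self._fetch(self._request)  # same endpoint for first and later tokens
            self._token = reply["access_token"]
            # expires_in is the RFC 6749 field; fall back to the documented 60 minutes
            self._expires_at = now + float(reply.get("expires_in", DEFAULT_LIFETIME))
        return self._token


def auth_header(token: str) -> Dict[str, str]:
    """Header to send on each Public API call made with the cached JWT."""
    return {"Authorization": "Bearer " + token}
```

In a real client, `TokenCache(post_form, client_id, client_secret, scope="CATEGORY_READ")` pairs the cache with the HTTP call; the constructed `fetch` callable is also what lets the logic be exercised offline.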
Using credentials
Using the credentials you have generated in Sedna, you can call the Public API Endpoints those credentials have permission to. Endpoints are listed in the Developer Docs, which are also linked in Sedna.
Revoking credentials
At any time, you can manually deactivate a credential, meaning it will no longer be valid and cannot be used. This action cannot be undone, so be sure it is appropriate to do so.
- Select the credential you want to revoke
- In the top right corner, click the “Revoke” button
- If you are sure you want to deactivate it, confirm in the pop-up window
After the credential has been revoked it will remain visible in your API Credential Management table, but will have its “Status” updated to say “Revoked”. This allows you to audit details on past credentials, such as how long they were active for.
Definitions
Term | Definition |
--- | --- |
Name | The name of the credential (for example, ‘Developer - Zeus’). Maximum 64 characters. |
Created by | Which Sedna user in your tenant created the credential. |
Expiry | The date a credential will be valid until. The expiry date can be up to one year from its creation date. |
Status | Active: Can be used to access endpoints. Revoked: A user manually deactivated the credential. No longer valid and cannot access endpoints. Expired: Has passed its defined expiry date. No longer valid and cannot access endpoints. |
Notes | Text field where you can add any details about the API credential, like what it does and who to contact for more information. Max 250 characters. |
Developer Docs | A site hosted by Sedna which lists all the available Public APIs that an API credential can have access to. |
Client ID | A unique identifier for the API credential. |
Client Secret | A unique secret provided alongside the Client ID. Used to access the Public API directly or to retrieve a JWT auth token. |
JWT (JSON Web Token) | ‘An open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.’ (Source) |
Scope | An optional input field when requesting a JWT. It allows the API credential user to further limit which permissions they would like the JWT to have. The permissions specified will only work if the parent credential was granted them at the time of creation. An example of what you can input into this field is something like “CATEGORY_READ”. Doing this would limit the JWT to only access endpoints that require that permission, even if the parent credential has access to all endpoints. Leaving this field blank means the JWT will have the same permissions as the parent credential itself. |