Access to API keys
API keys can only be added and administered by Administrator level users.
To generate API keys you need to navigate to Administration/Company/Settings/API/API V2 settings or you can click below:
Once on this page you will see the below:
To add a new key, you just need to choose the endpoint in the left column and then the access permissions you wish to give for this key. You can choose from:
Create - this allows the key to create new data
Read - this allows the key to read existing data
Update - this allows the key to update existing data
Delete - this allows the key to delete existing data
Download - this allows the key to download an existing document
In addition, you can also specify which fields the key has access to - for example, if you were integrating with a calendar then you may just want to display the employee name, start date and end date.
If you do not choose to restrict the fields the key can access, the key will be able to access ALL fields.
It is NOT possible to limit key access to a sub set of employees, for example - if a key has access to Employees then they will be able to see all permitted fields for all employees.
In that instance you would pick Employee time off as the end point, then tick Read and in the final right hand column click on fields and choose the fields you wish the key to be able to access:
Once you are happy, click Generate key at the bottom left of the screen - you will then see a success message with the key included.
You can also see your current keys by scrolling to the bottom of this page - from here if you click the (i) icon you can also see which fields that key has access to.
If you need to revoke access for a specific key, find the key in the list at the bottom of the screen and click the delete (x) icon.
If you wish to remove access for ALL keys, you can click the red Revoke ALL keys button in the bottom bar - this will immediately remove all keys and prevent further access.
This process cannot be reversed
Once you have revoked a key, it is not possible to undo this - you would need to generate all required keys again and replace all keys in use in third party systems with the new key(s).
Updated over 2 years ago