Giving Developers Access
What credentials should I provide to developers?
API Clients
- A developer may request a ClientID and Client Secret. These are stored in the database and can be found on the API Clients Page. You can create an API Client specifically for your application. The permissions you grant depend on the application and are determined by the User specified in the API Client record.
- Best practice: We recommend you create a new API User for each API Client so the Audit Log can track which integration makes changes.
- To do this:
- Add a Company Contact using the Add/Edit Company tool.
- Create a new user for the Company Contact you added.
- Make sure this user has a security role with Administrator rights.
- Add a new API Client record and name it something other than _apiClient. This name displays in the Audit Log.
- Your list of API Clients will look similar to this:
OAuth Credentials
- Developers need a user login to access the Swagger Interface since the tool requires authentication. This boosts productivity because you can prototype and test queries to the REST API here without coding. To query system lookup tables, a developer should have the Setup Admin field set to Yes in the User record.
Page Permissions
- Grant the user permissions for the pages that support the application being developed. It's often necessary to have access to related pages within the application. Make sure to remove permissions for sensitive records that are not necessary to the application.
- Give the user a security role with API Procedure permissions since the API uses these.