Giving Developers Access
What Credentials Should I Provide to Developers?
API Clients
- A developer may request a ClientID and Client Secret. These are stored in the database and can be found on the API Clients Page. You can create an API Client specifically for your application. The permissions you grant depend on the application and are determined by the User specified in the API Client record.
- Best practice: We recommend creating a new API User for each API Client so the Audit Log can track which integration makes changes.
- To do this:
- Add a Company Contact using the Add/Edit Company tool.
- Create a new user for the Company Contact you added.
- Make sure this user has a Security Role with Administrator rights.
- Add a new API Client record and name it something other than _apiClient. This name displays in the Audit Log.
- Your list of API Clients will look like this:
OAuth Credentials
- Developers will need a user login to access the Swagger Interface since the tool requires authentication. This boosts productivity because queries to the REST API can be prototyped and tested here without coding. In order to query system lookup tables, a developer should have the Setup Admin field set to Yes in the User record.
Page Permissions
- The user should be granted permissions for the pages that support the application being developed. It's often necessary to have access to related pages within the application. Make sure to remove permissions for sensitive records that are not necessary to the application.
- Give the user a security role with API Procedure permissions since these are used by the API.