Skip to main content

Provider Access

Authentication Methods

In order to use an API, it is necessary to exchange the required authenticators between Provider and Customer. For this purpose, authentication methods are supported by the Developer Portal, which can be stored when creating an API. If an API is added to an App, information is requested from the Customer during the activation request in accordance with the stored authentication method.

Available Authentication mMethods in the Developer Portal:

Authentication MethodsDescription
Access TokenThe Developer Portal creates access tokens and generates corresponding access token hashes, which are made available to the Customer (access token) and the Provider (access token hash). The Customer uses the access token to authenticate himself to the API provided by the Provider. The Provider checks the authenticity of the access using the access token provided by the Customer, the stored hash method and the access token hash.
Manual HandoverIf the “Manual Handover” authentication method is selected, no handover method of the authenticator is stored in the API. This means that the exchange of authentication information is regulated individually between Provider and Customer.
info

Manual Handover is defined as the default for each API.

Define Authentication Method at the Organization

To be able to assign an authentication method to an API, it is necessary to define an authentication method at the organization.

  1. menu: My organization
  2. tab: Access
  3. add method

Possible configurations of the authentication method “Access token”:

MethodLength of the stringRuntime
SHA25632 / 64 / 1281 year / 2 years / unlimited
danger

Only one access token can be defined per authentication method means for an organization!

Assign Authentication Method to an API

As soon as the authentication method has been stored at the organization, it can be assigned to 1 - n API products.

  1. create a new API or update an existing API
  2. assign the authentication method to the API

As soon as a Customer admin has added the API to an App and makes an activation request, the stored authentication method is used and a corresponding process is run, depending on the method, run through.

App Access Status

The App access status shows your organization whether an App can be accessed in general (all API products of the app). If the general access of the App is set to “red” by the Provider, the person responsible for the Customer receives a notification including a description of why access is blocked.

info

Provider action: An admin of a Provider can set the app access status to “red” via GUI or API. This means that the Provider has blocked access to all services in the App.

note

The App access status does not affect the authentication means stored in the app. The authentication means are therefore independent of the general access block (App access status) of the App. The access status of the individual authentication remedy remains unaffected.

Access for Apps

TermDefinition
AccessRequired authentication remedy to access an API.
Access StatusThe access status shows the current access status of an authentication remedy.
AuthenticatorThe authenticator contains the specific authentication information required to access an API.