Provider Access
Authentication Methods
In order to use an API, it is necessary to exchange the required authenticators between Provider and Customer. For this purpose, authentication methods are supported by the Developer Portal, which can be stored when creating an API. If an API is added to an App, information is requested from the Customer during the activation request in accordance with the stored authentication method.
Available Authentication mMethods in the Developer Portal:
| Authentication Methods | Description |
|---|---|
| Access Token | The Developer Portal creates access tokens and generates corresponding access token hashes, which are made available to the Customer (access token) and the Provider (access token hash). The Customer uses the access token to authenticate himself to the API provided by the Provider. The Provider checks the authenticity of the access using the access token provided by the Customer, the stored hash method and the access token hash. |
| Manual Handover | If the “Manual Handover” authentication method is selected, no handover method of the authenticator is stored in the API. This means that the exchange of authentication information is regulated individually between Provider and Customer. |
Manual Handover is defined as the default for each API.
Define Authentication Method at the Organization
To be able to assign an authentication method to an API, it is necessary to define an authentication method at the organization.
- menu: My organization
- tab: Access
- add method
Possible configurations of the authentication method “Access token”:
| Method | Length of the string | Runtime |
|---|---|---|
| SHA256 | 32 / 64 / 128 | 1 year / 2 years / unlimited |
Only one access token can be defined per authentication method means for an organization!
Assign Authentication Method to an API
As soon as the authentication method has been stored at the organization, it can be assigned to 1 - n API products.
- create a new API or update an existing API
- assign the authentication method to the API
As soon as a Customer admin has added the API to an App and makes an activation request, the stored authentication method is used and a corresponding process is run, depending on the method, run through.
App Access Status
The App access status shows your organization whether an App can be accessed in general (all API products of the app). If the general access of the App is set to “red” by the Provider, the person responsible for the Customer receives a notification including a description of why access is blocked.
Provider action: An admin of a Provider can set the app access status to “red” via GUI or API. This means that the Provider has blocked access to all services in the App.
The App access status does not affect the authentication means stored in the app. The authentication means are therefore independent of the general access block (App access status) of the App. The access status of the individual authentication remedy remains unaffected.
Access for Apps
| Term | Definition |
|---|---|
| Access | Required authentication remedy to access an API. |
| Access Status | The access status shows the current access status of an authentication remedy. |
| Authenticator | The authenticator contains the specific authentication information required to access an API. |