Adding or editing an API user

The external integrations listed on the Integration Center page require an API user account to communicate securely with the application. We recommend creating a unique API user account for each integration so that you can easily trace lockout issues and monitor application activity.
An API user is a special type of account required for communication with the Autotask API. These accounts are free of charge, but they do not provide access to the Autotask UI. API users cannot be assigned as a resource to content such as opportunities or tickets, but they can be selected as a filter on fields and in widgets that are date, time, or audit stamps.
EXAMPLE System audit fields that are named Created By or Last Activity By include API users in their filtering options.
It is a best practice to set up a separate API user account, and maybe even a separate API User (system) (API-only) or API User (system) Can't Read Costs (API-only) security level, for each integration with which your developers are working. Doing so enables you to tailor the security permissions to the areas required by each integration.
For partner integrations that appear on the Integration Center page, you can add API users right from the page. Refer to Integration Center.

There are two similar but different default system security levels available for API user accounts. Before you create your API User, it's important to understand the level of access your resources and integration partners will receive with each.
API User (system) (API-only): Use this system security level for resources and integration partners who will work with integrations via the API and do not need to access Autotask via the UI. The API User (system) security level grants full access to all Autotask data, including internal costs, for the roles to which it belongs.
API User (system) Can't Read Costs (API-only): If you need to grant API User access to an integration partner, but you prefer that they not have the ability to view your internal cost data, select this security level. The API User (system) Can’t Read Costs role has access to all data for the roles to which it belongs, but calls to Query will return no data for cost fields. The API will also ignore calls to Update for cost fields.
IMPORTANT An API user is forbidden from creating resources (users). It is also prohibited from modifying its own security settings or updating multifactor authentication (MFA) configurations.
Creating an API user
To create an API user account, do the following:
- To open the page, use the path(s) in the Security and navigation section above.
- Populate or edit the following fields:

Field | Description |
---|---|
First/Last Name | First Name, Middle Name, and Last Name are referenced in many other entities, usually in combination with a role the person is playing in this context or an action they are taking. Enter the individual's first (given) name, last name (surname), and, optionally, middle name. |
Email Address | This email address will be used for notifications should there be a problem with the integration. Enter the email address of a person who will be able to take action if an error occurs. |
Active | This value defaults to true. |
Locked | If an API user has been locked out because of repeated unsuccessful log in attempts and that resource cannot unlock the account from the log in page, clear the check box to unlock the account. |
Security Level | The Security Level list only includes active API-only security levels (in ascending alphabetical order) plus the currently assigned level, if that is now inactive. Select an API security level. |
Date Format | The date format defaults to the default location’s date format. The drop-down selector contains all of the available date formats. |
Time Format | The time format defaults to the default location’s time format. The drop-down selector contains all of the available time formats. |
Number Format | The number format defaults to the default location’s number format. The drop-down selector contains all of the available number formats. |
Primary Internal Location | The primary internal location determines the timezone associated with the API user. |

Field | Description |
---|---|
Generate Key | Click this button to auto-generate a 15-digit username (key). The Username (Key) field will be populated. |
Username (Key) | This field is auto-populated when the Generate Key button above the field is clicked. You can override the auto-generated username if you meet the following requirements: |
Generate Secret | Click this button to auto-generate a 25-digit password (secret). The Password (Secret) field will be populated. |
Password (Secret) | This field is auto-populated when the Generate Secret button above the field is clicked. The password will match the Password requirements configured in the system settings for Site Setup. If your target application does not allow 25-character passwords, you can shorten or override the auto-generated password. In Edit mode, the password is not displayed. If you need to see the password, you will need to click Generate Secret to generate or input a new password. |

All available Division > Line of Business pairings are listed in the Not Associated pane. You can associate an API user with a line of business, but be aware that any errors will not be visible to the user. Unless your business is strictly segregated by line of business, we advise against LOB associations.
EXAMPLE If an API user is not assigned to the line of business that billing items on an invoice are assigned to, then the invoice will not be transferred to QuickBooks.
To associate the API user with one or more lines of business, do the following:
- Select one or multiple Division > Line of Business pairings and click the right arrow. The pairings will move to the Associated tab. As needed, click the left arrow to remove a pairing.
- To allow the API user to view such items, select Resource can view items with no assigned Line of Business.
- Click Save & Close.
Refer to Associate a user with a line of business on the Resource page.
- Click Save & Close.
- Update your integration with the new API user's credentials. The application should now be able to authenticate into Autotask.