New API Key Support - API40 (Manage API Keys and Access Permissions)
A new API Key Access Control has been implemented where we can create a specific API key that will have access to specific modules and sales channels that are selected for that key.
Only the endpoints enabled for that specific key will be accessible.
Let's understand the functionality:
- Now when you go to Settings -> API Key Access Controls (API v40+ only)
- You can create an API key by clicking on the New API Key button.
A new API key gets generated and for that key, you can control access to specific modules and channels you want. So if the user invokes an API using the key, only the endpoints and channels enabled for that key will be accessible.
Some endpoints, you will notice are by default disabled.
As an example, here let's set a few endpoints:
Modules:
- Lead
Endpoint - Create, Read Product
- Product Category
Endpoint - Create, Read Product Category
Channels:
Allow - Direct
Allow - POS
Note - You can check the details for each module here - API docs (V 4.0)
After enabling, click on Save, present at the bottom of the screen.
Now when you invoke an API using this particular key, you will have only access to the endpoints and channels that were enabled. Access to rest all other modules and channels will be restricted.
API Key Access Controls (API v40+ only) option is also available in French and Spanish languages.
Updated 2 months ago