Product Feature Guide
Table Of Contents
Access Keys Management Items, Their Description & Functionality
Introduction
The Access Key Management section enables technical teams to create and manage their list of access keys within the application for API integration projects. Access keys consist of two parts: an access key ID and an access key secret. It is required to use both the access key ID and access key secret together to authenticate your requests. An application programming interface (API), is a set of rules and protocols that defines how software programs can interact with each other. APIs provide a way for different software systems to communicate with each other and exchange data and functionality. They are another way of logging into our application and are specific to integrations. Access keys can be created or deleted only - they can not be edited once created.
Location
Management of API Keys is done through the Manager Portal:
- Select Manager Portal from the top menu.
- Select “Access Keys Management” from the left sidebar.
Access Keys Management Items, Their Description & Functionality
Search box - In the search box, you are able to enter text/keywords related to the previously created access keys. All Access Keys with the search criteria in them will appear in a list view.
‘Add New Access Key’ Button - Enables you to add a new Access Key to the list.
Sort Access Key List - Columns can be sorted by ascending or descending order by clicking on the arrow to the right of the heading title. When the arrow is facing upwards the list is sorted in ascending order. When it is facing downwards, the list is sorted in descending order. When you sort the list, the arrow in the column of which you sorted will hold in place to indicate what your sort criteria was.
Ascending: Descending:
Client ID - The Client ID is automatically generated by the system and is displayed in the list when a new Access Key is added. A Client ID is an identifier associated with an application that assists with client / server authentication for client APIs. Developers create a client ID by defining an application on their developer dashboard.
Client Secret - The Client Secret is automatically generated by the system and displayed in the list when a new Access Key is added. This key is used to identify your account. You can find your API secret key in the API page on your dashboard. You can also create new API keys in the same section if necessary.
Description - Description of the Access Key. This field is optional when adding a new Access Key. This description can assist identifying the calling project.
Owner First Name - First Name of the access key owner.
Owner Last Name - Last Name of the access key owner.
Owner Email - Email of the access key owner.
Owner Phone Number - Phone Number of the access key owner.
Created at - This field is automatically filled with the date and time the access key was added on the list.
Ellipsis - Clicking on the ellipsis opens up the option to delete an access key if necessary.
Scroll Bars - Located at the bottom of the list of access keys and to the far right of the screen. Use these to scroll horizontally and vertically to view content that may not fit entirely on the page.
Items Per Page - Depending on how large your list is, you may have more than one page of access keys. To navigate through pages use the ‘Items per page’ navigation at the bottom right hand side of your screen. With this functionality you can indicate how many items per page you would like to see in groups of 10, 15, 25, 50, or 100. You can also see how many pages there are and scroll forwards and backwards through the pages if need be.
Creating a New Access Key
To add a new access key:
- Select the Add New Access Key Button.
- Enter the mandatory fields of the key (Owner First Name, Owner Last Name, Owner Email, and Owner Phone Number).
- Click on the ‘Create Key’ button to add the access key to the list.
Note: The Client Secret is available to be copied only at this stage, after that it will be hidden (********). FundMore only stores a hashed version of it, so, if the API key gets lost you need to generate a new one (and delete the one lost from the Manager Portal).
Note: Access Keys can not be edited once created.
Deleting an Access Key
To delete an access key on the list, click the ellipsis icon located next to the key you wish to delete. Then, select the ‘Delete’ option from the menu that appears. The access key will be removed from the list.
Note: When an access key is deleted, you won’t be able to use it anymore, make sure you only delete access keys that are not used by any system.
Usage
Authentication (2 API calls)
Step 1: Authenticate the API KEY
body
{
"authFlow": "resource_owner_password",
"authParameters": {
"provider": "api_access_key",
"clientId": ${clientId},
"clientSecret": ${clientSecret}
}
}
${clientId} - get from Manager Portal
${clientSecret} - get from Manager Portal
HTTP POST Request
uri:
${apiUrl}/auth/authentication
body:body
request:
{
"authFlow": "resource_owner_password",
"authParameters": {
"provider": "api_access_key",
"clientId": "******", //GUID
"clientSecret": "********" //STRING
}
}
response:
{
"authenticationResult": {
"accessToken": "******", //JWT STRING
"idToken": "******", //JWT STRING
"refreshToken":"******", //JWT STRING
"tokenType": "bearer"
}
}
idToken will be needed on the following API call
Step 2: Issue scope context
headers
{
'authorization': ${idToken}, // idToken from previous authorization result
'accept': 'application/json'
}
${idToken} - get from previous authentication API call
HTTP GET request:
uri:
${apiUrl}/api/auth/scope-context
headers:
headers
response:
{
"scopeContextToken": "******" // JWT Token
}