Difference between revisions of "API Authentication Credentials"
(Created page with "The WHMCS API is available for administrative actions and its usage is described in depth within our developer [https://developers.whmcs.com/api/ API documentation]. WHMCS ve...") |
|||
Line 7: | Line 7: | ||
[[File:API_Cred_admin_menu_nav.png|300px]] | [[File:API_Cred_admin_menu_nav.png|300px]] | ||
− | ==Creating Admin API Authentication Credentials== | + | ==Managing API Credentials== |
+ | |||
+ | ===Creating Admin API Authentication Credentials=== | ||
Click the ''Generate New API Credential'' button to open ''Generate New API Credential'' dialog screen. You must select the admin member of staff for whom the new credential will authenticate. You may optionally provide a description for contextual reference. | Click the ''Generate New API Credential'' button to open ''Generate New API Credential'' dialog screen. You must select the admin member of staff for whom the new credential will authenticate. You may optionally provide a description for contextual reference. | ||
[[File:API_Cred_generate_select_admin.png|550px]] | [[File:API_Cred_generate_select_admin.png|550px]] | ||
Line 27: | Line 29: | ||
Furthermore, you may alter the admin's login password freely without invalidating credentials provisioned by this feature. If you disable or remove entirely an admin user, any associated API credentials will become invalid. As noted above, if your copy of the ''Secret'' is forgot or otherwise unknown, simply create a new API credential pair, then use the freshly generated ''Identifier'' and ''Secret'' in your integration. ''We advise you promptly delete the former credential pair whose secret is unknown'' | Furthermore, you may alter the admin's login password freely without invalidating credentials provisioned by this feature. If you disable or remove entirely an admin user, any associated API credentials will become invalid. As noted above, if your copy of the ''Secret'' is forgot or otherwise unknown, simply create a new API credential pair, then use the freshly generated ''Identifier'' and ''Secret'' in your integration. ''We advise you promptly delete the former credential pair whose secret is unknown'' | ||
− | ==Updating Credential Descriptions== | + | ===Updating Credential Descriptions=== |
You may update the description for a credential at any time. This field is provided to enable effective management of multiple credentials associated with a given admin users and for your contextual use. | You may update the description for a credential at any time. This field is provided to enable effective management of multiple credentials associated with a given admin users and for your contextual use. | ||
To update a description, locate the desired credential by utilizing the ''API Credential'' table's search function and/or by using column sorting & pagination. Once you have found the credential, click the current description to active the editor. | To update a description, locate the desired credential by utilizing the ''API Credential'' table's search function and/or by using column sorting & pagination. Once you have found the credential, click the current description to active the editor. | ||
− | [[File:API_Cred_edit_desc.png| | + | [[File:API_Cred_edit_desc.png|250px]] |
Once you have typed in the new description, click the check button to the immediate right. | Once you have typed in the new description, click the check button to the immediate right. | ||
− | ==Removing Admin API Authentication Credentials== | + | ===Removing Admin API Authentication Credentials=== |
You may revoke API authentication by removing a generated credential. | You may revoke API authentication by removing a generated credential. | ||
Revision as of 14:32, 11 April 2017
The WHMCS API is available for administrative actions and its usage is described in depth within our developer API documentation.
WHMCS version 7.2 introduces the ability to generate unique API authentication credentials. This allows for better management and security for provisioning access to API connected devices and systems. API authentication with an admin's login username and password is allowed for backwards compatibility, however it is not recommend and may be deprecated in a future release.
Admin API authentication credentials are managed in the Admin area by navigating to Setup > Staff Management > Manage API Credentials
Contents
Managing API Credentials
Creating Admin API Authentication Credentials
Click the Generate New API Credential button to open Generate New API Credential dialog screen. You must select the admin member of staff for whom the new credential will authenticate. You may optionally provide a description for contextual reference.
Click the Generate button to provision a unique API credential for the selected admin user. The dialog screen will update and provide the credential Identifier and Secret. These two values should be used in leu of the admin's username and password for API authentication. To the right of each value is a quick copy button for your convenience.
After you have copied and saved the Identifier and Secret in a private and secure location, you may exit the dialog screen by clicking either the X at the top right corner or outside the dialog screen.
Once a credential pair has been generated, it will be itemized in the API Credentials table.
You may create as many API credential pairs for an admin as you require. You may remove any credential pair to invalidate access and authentication attempts that are received with that Identifier.
Furthermore, you may alter the admin's login password freely without invalidating credentials provisioned by this feature. If you disable or remove entirely an admin user, any associated API credentials will become invalid. As noted above, if your copy of the Secret is forgot or otherwise unknown, simply create a new API credential pair, then use the freshly generated Identifier and Secret in your integration. We advise you promptly delete the former credential pair whose secret is unknown
Updating Credential Descriptions
You may update the description for a credential at any time. This field is provided to enable effective management of multiple credentials associated with a given admin users and for your contextual use.
To update a description, locate the desired credential by utilizing the API Credential table's search function and/or by using column sorting & pagination. Once you have found the credential, click the current description to active the editor.
Once you have typed in the new description, click the check button to the immediate right.
Removing Admin API Authentication Credentials
You may revoke API authentication by removing a generated credential.
To remove a authentication with a given credential, locate the desired credential by utilizing the API Credential table's search function and/or by using column sorting & pagination. Once you have found the credential to be removed, click the delete button found in the right most column of that row.
A confirmation dialog screen will be presented. Click the Delete Credentials button to permanently remove the credential.