API Management
Introductionโ
This comprehensive guide details the API Management dashboard, an essential component of the Global Settings area. The API Management section enables super administrators to generate, manage, and track API tokens for platform integration, view API URLs used across the platform, and access detailed API documentation. This documentation provides step-by-step instructions for navigating and utilizing all features within the API Management dashboard.
Table of Contentsโ
- API Management
Accessing API Managementโ
Navigation Pathโ
- Log in to the platform with super admin credentials
- Locate the left navigation bar
- Select Global Settings from the navigation options
- From the displayed options, click on API Management
Access Restrictionsโ
Important: API Management settings are accessible only to users with super admin privileges. Regular admin users or standard users will not have access to these configuration options.
Dashboard Overviewโ
Upon accessing the API Management dashboard, you will be redirected to a dedicated page that provides comprehensive tools for managing API integration with the platform. The dashboard is organized into several key sections:
| Section | Description |
|---|---|
| API URLs | Lists all API endpoints available in the platform |
| Token Creation | Interface for generating new API tokens |
| Existing API Tokens | Management console for viewing and managing active tokens |
| API Usage Documentation | Access to comprehensive API documentation |
API Tokensโ
API tokens are used to authenticate requests to the platform's API endpoints, enabling secure integration with external systems and applications.
Creating New Tokensโ
To generate a new API token:
- Navigate to the API Management dashboard
- Locate the token creation section
- Enter a descriptive Token Name that identifies the purpose or system using this token
- Configure the token expiration settings:
- Select No Expiration for tokens that should remain valid indefinitely
- Or set a specific expiration date for temporary access
- Click the Create button to generate the token
Important: After token creation, you will be presented with the generated API token. This token will only be displayed once, so it's essential to:
- Copy the token immediately by clicking the Copy button
- Store the token securely in your integration environment
- Never share tokens via unsecured channels
Token Display Formatโ
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Managing Existing Tokensโ
After creating tokens, you can manage them in the Existing API Tokens tab:
- Navigate to the Existing API Tokens section
- View all active tokens with information including:
- Token name
- Creation date
- Expiration status
- Last used timestamp
- Delete tokens that are no longer needed by:
- Locating the token in the list
- Clicking the Delete button next to the token
- Confirming the deletion when prompted
Security Note: Deleted tokens cannot be recovered. If access is needed again, a new token must be generated.
API Usage Documentationโ
The API Management dashboard provides access to comprehensive documentation for all available APIs:
- Navigate to the API Usage Docs section
- Click the View Documentation button
- The platform will display detailed documentation including:
- Available endpoints
- Request parameters
- Response formats
- Authentication requirements
- Usage examples
Interactive Documentation Featuresโ
The API documentation interface provides:
- Interactive Testing: Test API endpoints directly from the documentation
- Authorization Configuration: Set up authentication for testing purposes
- Request Builder: Generate sample requests in various programming languages
- Response Visualization: View formatted API responses
- Error Handling: Documentation of error codes and troubleshooting
Security Best Practicesโ
When working with API tokens, adhere to these security best practices:
Token Managementโ
- Principle of Least Privilege: Create tokens with only the necessary permissions
- Token Rotation: Regularly generate new tokens and decommission old ones
- Expiration Policies: Set appropriate expiration periods for tokens based on their use case
- Audit Trail: Maintain records of token creation, usage, and deletion
Secure Storageโ
- Environment Variables: Store tokens as environment variables, not in code
- Secrets Management: Use a dedicated secrets management solution for production environments
- Avoid Logging: Ensure tokens are not written to log files
- No Version Control: Never commit tokens to version control systems
Usage Monitoringโ
Regularly review the Existing API Tokens section for:
- Unexpected tokens
- Tokens that should have been decommissioned
- Unusual access patterns
Troubleshootingโ
Common Issuesโ
| Issue | Possible Solution |
|---|---|
| Token not working | Verify the token hasn't expired and is being sent correctly in the request header |
| Access denied | Ensure the token has permissions for the endpoint being accessed |
| Cannot create token | Verify you have super admin privileges and the correct platform permissions |
| Documentation not loading | Check your network connection and try refreshing the page |
| "Token already exists" error | Choose a different name for your new token |
Support Resourcesโ
If you encounter persistent issues with API Management:
- Consult the platform's technical documentation
- Contact your organization's system administrator
- Reach out to the platform provider's support team
Next Stepsโ
After configuring your API tokens:
- Implement the tokens in your integration projects
- Test the integration thoroughly in a non-production environment
- Monitor API usage and performance
- Establish a regular review process for token management
This documentation is intended for super administrators responsible for managing API access to the platform. For documentation on other Global Settings areas, please refer to the relevant sections of the platform documentation.