Third Light Developer Exchange

jessicalin

Member

Registered: 2015-09-01

Posts: 4

API key

Hi,

I've created an API key for our application to access the ThirdLight APIs (Configuration -> Site Options -> IMS API) and noticed that the operations via the APIs are all logged under my account.

What is the best practices in terms of creating a system account to consume the API?  What user rights will this account need?

Thanks!

dominic

Third Light Staff

Registered: 2013-06-06

Posts: 119

Re: API key

Hi,

After calling Core.LoginWithKey you should call Core.ImpersonateUser to obtain a session on behalf of an appropriate user. It is often desirable for this to be an account specifically for the purpose of the API integration - the only real exception to this is when you are actually acting on behalf of a specific user (for example, as used in the Third Light Browser Drupal/Wordpress plugins).

The access rights required will depend entirely on what it is that you intend to do!

It is good practice to change the authentication mode of such accounts to "no_password" (via Users.SetAuthMode), so that they can only be used in conjunction with an API key.

Dominic

jessicalin

Member

Registered: 2015-09-01

Posts: 4

Re: API key

Thanks Dominic!

To get / download assets as well as edit metadata, will a "Normal User" account be enough or a "Power User" is required?

ben

Third Light Staff

From: Third Light

Registered: 2013-06-06

Posts: 79

Re: API key

Hi, download permission would depend on the particular user you are impersonating. The Normal and Power User presets just act as an initial set of permissions, but each user account can be configured further. I'm not sure exactly what rights those presets contain, but you can inspect them via the configuration menu e.g. Configuration > Presets > Users.

If you create a user based on either of them, you can then edit the user further and have a look at the "Downloads" tab and the "Access" tab.

hth, Ben