Third Light Developer Exchange

Code and templating community forum for developers and software integrators

You are not logged in.

Announcement

If you wish to join the Developer Exchange, please contact your account manager - this is to avoid unnecessary spam in the forums. Many thanks for your understanding.

#1 2015-09-10 17:38:33

jessicalin
Member
Registered: 2015-09-01
Posts: 4

API key

Hi,

I've created an API key for our application to access the ThirdLight APIs (Configuration -> Site Options -> IMS API) and noticed that the operations via the APIs are all logged under my account.

What is the best practices in terms of creating a system account to consume the API?  What user rights will this account need?

Thanks!

Offline

#2 2015-09-10 17:46:13

dominic
Third Light Staff
Registered: 2013-06-06
Posts: 119

Re: API key

Hi,

After calling Core.LoginWithKey you should call Core.ImpersonateUser to obtain a session on behalf of an appropriate user. It is often desirable for this to be an account specifically for the purpose of the API integration - the only real exception to this is when you are actually acting on behalf of a specific user (for example, as used in the Third Light Browser Drupal/Wordpress plugins).

The access rights required will depend entirely on what it is that you intend to do!

It is good practice to change the authentication mode of such accounts to "no_password" (via Users.SetAuthMode), so that they can only be used in conjunction with an API key.

Dominic

Offline

#3 2015-09-10 20:09:49

jessicalin
Member
Registered: 2015-09-01
Posts: 4

Re: API key

Thanks Dominic!

To get / download assets as well as edit metadata, will a "Normal User" account be enough or a "Power User" is required?

Offline

#4 2015-09-15 10:57:54

ben
Third Light Staff
From: Third Light
Registered: 2013-06-06
Posts: 79

Re: API key

Hi, download permission would depend on the particular user you are impersonating. The Normal and Power User presets just act as an initial set of permissions, but each user account can be configured further. I'm not sure exactly what rights those presets contain, but you can inspect them via the configuration menu e.g. Configuration > Presets > Users.

If you create a user based on either of them, you can then edit the user further and have a look at the "Downloads" tab and the "Access" tab.

hth, Ben

Offline

Board footer