¶ API User Accounts
¶ How They Are Used
API User Accounts are used to authenticate all SOAP API calls and some RESTful API calls. In RESTful API, the user account is passed using BasicAuth when OAUTH is not used. In SOAP it is passed in the Credentials component of the request XML.
¶ Configuring and Creating API User Accounts
API User Accounts are BackOffice user accounts that are granted access to API webservices and have access to other areas of Freedom removed. The removal of access to Freedom is an important security requirement to verify when configuring these accounts. We also recommend to set up separate user accounts for different Integrations. This will help mitigate the breadth of any issues that might occur for a specific user account.
- In the Administration Department, navigate to Security > Users.
- If a User does not already exist for this API Integration, select New User. Ensure that the user is active and has a password that meets minimum password complexity requirements.
- When routed to the User Rights, enable only the API User Right needed for the integration.
