The API Subscription Manager screen at the system level allows for API Subscribers to be created. It will default to show the API Subscribes tab. In order for users to access Swagger, the technical documentation and experimentation tool that can be used to explore the AssignmentPro API, users must be set up as API Subscribers and sent log in credentials to an email address. Only subscribers to AIRINC, People, Assignment Documents and Compensation Documents API can access Swagger, this not available for SCIM subscribers.
Any existing API Subscribers will be displayed in the API Subscribers grid. To add a new API Subscriber, click the
. Generally speaking, API Subscribers should be created per system that will be integrated with AssignmentPro; for example, it is highly unlikely that a given Subscriber would have both the AIRINC and People API Subscriptions applied to them.
Users will be automatically directed to the User Maintenance screen. The User Type and Security Role will default to API Subscriber and Equus - API respectively when the User Maintenance screen is accessed from the API Subscription Manager screen.
The Equus standard Equus – API security role cannot be edited. This includes Advanced Data Restrictions for the role which encompass rights such as Data Sensitivity Access, Field Privacy Rights, etc. If any of these rights need to be adjusted for your API subscribers, the best practice is to create a new Role with those rights and assign that role to the API subscriber.
With this, they will have the following roles available:
Equus standard Equus – API security role
user-created role
This will provide them with the Advanced Data Restrictions (Data Sensitivity Access, Field Privacy Rights, etc.) configured for them under the client created role. An example where this might be needed are Document API subscriber users who require access to sensitive document types.
If these document types are configured with data sensitivity, you might need to create a new, client role to grant them access to those data sensitivity rights.
Populate the User ID, First Name, Last Name and Email mandatory fields and click
.
Next, click
and click
when a pop up message appears notifying that a new password has been successfully generated and emailed to the user. Note, there is no need to click
when creating an API subscriber for the SCIM API.
Click the
button to return to the API Subscription Manager screen. The
button appears when the User Maintenance screen is accessed from the API Subscription Manager screen.
From the API Subscription Manager screen, the newly created API subscriber can be opted in to the standard APIs that are delivered by Equus by clicking on the entries in the Available field followed by
to apply those subscriptions to a subscriber. To remove any subscriptions from the subscriber, select on the entries in the Subscribed field and then click
.
To select multiple entries press the CTRL key and click on the entries. Once the desired selections are made, click
to proceed to generate a GUI and Secret key for the API subscriber.
The GUID and Secret Key fields will be inactive and empty until the
button is clicked.
The Subscriptions grid below the Secret Key field shows which Subscriptions are applied to that Subscriber, and which Permission Sets are associated to a given Subscription. Each API Subscription will have an associated standard Permission Set to govern the scope of what a Subscriber is allowed to do in the system when subscribed to that API.
GUID: A unique identifier which is associated to an API Subscriber, and used to authenticate requests made to the API.
Secret Key: A uniquely generated key that is required to construct a JSON Web Token which is used to authenticate calls made to the API. Once it has been generated, it will be displayed in plain text and only shown upon initial generation; if a user navigates away from the page, it will be hidden and cannot be retrieved again. There will be a warning displayed to users informing them of this.
Once generated, the
next to each field that allows users to copy exactly what is displayed to their clipboard to minimize any manual errors when trying to highlight and copy. The GUID and Secret Key should be kept safe and be provided to the technical teams that are doing development against the API.
An additional step is required for SCIM API Subscriber since they have a long-lived token used as an authentication method. An option to set duration is available with the following option:
1 week
1 month
6 months
1 year
When the Duration is selected, click
. This will create the long-lived token in a form of Token String. Both Token String and Expiration Date are generated and both in Read Only. A copy button (
) will be enabled for the token screen.
