The Spektrix API contains a wealth of available information about your system that is publicly available to use. For instance, your web developer may use aspects of the API to pull event listings onto your homepage, or to showcase Funds that can be donated to.
There's plenty of information that these third parties can access – you can find full details of what on our Integration Portal. However, we keep more sensitive information under lock and key; this includes sensitive data such as customer information, order history, archived Events, and hidden Attributes.
This sensitive data can only be accessed with a secure API key, meaning you're in full control of who gets access to this.
In this article, we'll cover:
Creating an API user
In order to create an API user, you'll need to have the Settings Administrator user role on your Spektrix account. For more information on user roles in Spektix, check out this article on Adding and Editing Users.
Navigate to Settings Interface > Users > API Accounts. Here you'll find a list of all current accounts that have secure API access. Click one of the New API Account buttons to start the process of creating a new API user:
This will open the New API Account creator pop-up:
You'll need to provide three pieces of information here to set up an API user:
- Username: we recommend setting this as the company name of the third party you're integrating with
- Email address: this needs to be an email address for someone at the company you're integrating with
- Phone number: this needs to be a mobile/cellphone number and should be added using the international country code and the mobile/cellphone number (e.g. 07894 123 456 must be entered as +447894123456)
Once you've entered these details, click Create API Account and the API user will be created. The system will send a text message with an authentication code to the user's phone and an email with a link to a secure page to their email address:
Once the user inputs the authentication code they received via text into this page, they'll see the username you gave them and their API Key. They'll then be able to continue with the planned integration.
NOTE: it is important the API key is kept secure, as it offers the user access to sensitive data. It should never be sent via email directly. See the next section for details on how to reset an API key.
Resetting an API key
It's always possible to reset an API key if you ever think it has been compromised, or if the current integration has stopped functioning.
Navigate to Settings Interface > Users > API Accounts. Next to each API User, you'll see the option to Reset API Key:
Pressing this will prompt you to double-check that you want to reset this user's key. Once reset, this will send a new email and SMS to the API user, allowing them to access the new API key. Once their API key has been reset, their old one will no longer function.
Revoking API access
You have full control over who can access your system via the API. If at any point you want to revoke a user's access, we've made this quick and easy to do.
Navigate to Settings Interface > Users > API Accounts. Click on the email address of the API user to edit their API account:
By unticking the This API account is active checkbox, you can immediately revoke this user's access. The API key assigned to them will not work until you re-tick this checkbox.
If you have any further questions API users, or if you'd like to discuss anything related to the API, please don’t hesitate to get in touch with the Spektrix Support team.