How to Set Up an API User

Rachael Norris
Rachael Norris
  • Updated

The Spektrix API contains information from your system that is publicly available to use. However, there are occasions when you’ll need to access or record information that is sensitive and therefore only available to to authenticated users. 

To access restricted information via the API, you’ll need to set up an API user.

In this article, we'll cover: 

TIP: Looking to set up an Integration with an Agent? Take a look at the Introduction to Selling Tickets through Agents. Or, if you’re looking to set up a website integration with the API that does not require access to sensitive data, take a look at Configuring an API website integration.

 

Why set up an API User?

For security reasons, you can only make sensitive data from your system available through the API to authenticated API users.

If your website integration makes use of the API, it is likely to be accessing publicly available information such as Events, Price Lists, Memberships, or information related to a logged in customer and their Basket. 

However, some functionality, such as custom API sign up forms that update existing Customer Records, require an authenticated API User to be able to access and write back sensitive data.

Many Partner Products require more than what is available via the public API to do things like look up Customer Records, open new Baskets/Carts and confirm Orders.

 

How do Partner Products use the API?

For Partner Product integrations, partners may need access to your system through the API in System Owner mode. This is different to the API mode which would be used for Agents or most website integrations.

System Owner mode can access the full system and any information which is set to be available via the API. For example, Tags or Attributes which are marked available via the API. This mode of API can look up any Customer Record, not just the customer who is currently logged in. 

Partners are not able to process payments through the API in System Owner Mode. However, partners can manage their own payments and write this information back into your Spektrix system. This is possible through the use of Custom Payments. 

This sensitive data can only be accessed with a secure API key, meaning you're in full control of who has access.

Looking for the right partner to integrate with? Take a look at the Partner Directory: UK and Ireland / US and Canada.

 

Creating an API User

To create an API user for use with a Partner Product Integration, follow the steps below.

REMINDER: In order to create an API user, you'll need to have the Settings Administrator Role on your User Account. If you don’t have this, speak to the administrator in your organisation.

Navigate to the Settings Interface > Users > API Accounts

Here you'll find a list of all current accounts that have secure API access. 

To create a new user, click the New API Account button:

This will open the New API Account creator:

New_API_user_creation_pop_up.png

You'll need to provide three pieces of information to set up an API user:

  • Username: Enter a username for this Partner Product Integration. We recommend setting this as the company name of the third party you're integrating with.
  • Email address: Enter the Partner’s email address. The email address you use to set up the API User account must be unique. You can’t use the same email address for an API User and User Account.
  • Phone number: this needs to be a mobile/cellphone number and should be added using the international country code (e.g. 07894 123 456 must be entered as +447894123456)

Once you've entered these details, click Create API Account. This will create the API user.

  • A text message (SMS) with an authentication code will be sent to the user's phone number.
  • An email with a link to a secure page where they can enter the authentication code will be sent to the user’s email address.

mceclip1.png

Once the user enters the authentication code, they'll see their username and their API Key. 

 

WARNING: The API key must be kept securely as it grants the user access to your system. The API key should never be shared. If you think that the API Key has been compromised, you can follow the steps in the next section to reset an API Key.

 

Resetting an API key

You can reset an API key if you think it has been compromised, or if you need to reset an integration.

Navigate to Settings Interface > Users > API Accounts

Next to each API User, you'll see the option to Reset API Key:

mceclip4.png

You’ll be prompted to double-check that you want to reset this user's API key. 

Once reset, this will send a new email and text message to the API user, letting them access the new API key. 

Once the new API key has been reset, the old one will no longer function.

 

Revoking API access

You have full control over who can access your system via the API. You can revoke a user’s access at any point. 

To revoke a user’s access:

  • Navigate to Settings Interface > Users > API Accounts. 
  • Click on the email address of the API User to edit their API account.
  • Uncheck the box marked This API is active.
  • Click Update API Account.

mceclip6.png

This will make the API user inactive and revoke this user's access. The API key assigned to them will not work until you re-activate this API Account.

 

Further Reading

If you have any further questions about API Users, please don’t hesitate to get in touch with the Spektrix Support team.

You can continue learning about Partner Product integrations on the Work with Agents and other third parties section of the Support Centre.

To learn more, take a look at: