Users must be authenticated to send or receive API requests to and from Manage. The API calls include a timestamp of when the call was made to avoid replay attacks. For authentication, the user must send the following headers along with the REST API.
- API key -- Unique identifier for the user (this is the user name, for example, Bob and the generated API key copied from the Manage system)
- Timestamp -- Time, date, and day of the API call
- Authorization -- SHA-1 authorization key (Calculated using the API key and timestamp).
Generate API Key for a User in Manage
To generate an API key for a user, navigate to Administration-> Authentication Management.
If the user has previously generated an API key, the last five characters of the key are shown in the API Key box to help the user identify the key in their ‘keyring’. If you need to generate a new API key, select the Generate new API Key checkbox to generate the API key. Click the Submit button.
You can leave the Change Password section fields blank. If you need to change your password, refer to the Change Password article.
Copy and save the new Enlighted API key that is displayed in a secure location as the key is not retrievable after the dialog window closes. Any previously associated key will be invalidated.
Refer to the article User Authentication for APIs to authenticate the user with the API key.