Generating an API token in Oomnitza is a key step in accessing the Oomnitza internal API. You can find a comprehensive list of all Oomnitza internal APIs in the Integrations > Rest APIs (Swagger docs) menu. These APIs enable users to extract key data and metrics and get the most out of their Oomnitza platform.
With Oomnitza's Internal APIs, you can perform tasks like updating asset information in bulk or counting the number of assigned assets in your organization quickly and easily. Refer to our Oomnitza API article for instructions on how to add your API token to Oomnitza and run workflows with our API.
Creating an API Token
To generate an API token in Oomnitza, complete these steps:
- Click Configuration > Security > API tokens.
- Click + to add a new token.
- Enter the name of the token.
- Enter the name of the user to whom the token will be assigned.
- Click SUBMIT.
The API token is displayed once and cannot be recovered.
Create a dedicated user for each external service that you want to connect to. This makes the activity of the API token easier to identify and control, and prevents issues as your team members change. You can use the Activities tab and the API tokens menu to track the usage of the API.
Setting the visibility of the API tokens menu
You can set the visibility of the API tokens menu for each role in the Configuration in the Security > Roles > Permissions tab. You can choose from one of the following options
- No access. The user cannot view the API tokens menu in Configuration > Security.
- Read. The user has read-only access to the API tokens menu. They do not have the ability to create or revoke tokens.
- Read, Add, Revoke. The user has full access to all API tokens. They have the ability to create and revoke tokens on their own behalf or on behalf of another user.
- Read, Add, Revoke own tokens. The user can only view, create or revoke their own API tokens. They do not have the ability to view, create or revoke other user tokens.
API tokens inherit the permissions of the user. For example, if the user has No Access permissions for accessories then will get a Forbidden (403) error when they use the token to query accessories. It is recommended that you check all access permissions in Credentials in the Security > Roles > Permissions tab beforehand.
Revoking API tokens
Users with the aforementioned Revoke permissions can also revoke API tokens in Configuration > Security > API tokens. Once the token is revoked the token user will receive an Unauthorized(401) error when using the token.
Please sign in to leave a comment.