To access AngelTrack's APIs, your application must have an API key.
This article discusses AngelTrack's API key system, which is used to authorize third-party applications to exchange data with your AngelTrack server.
Uses of API Keys
The following AngelTrack APIs use API keys:
- CAD API Accepting Nemsis including Affiliate Server-to-Server Delegation
- Postprocess Workflow API
- Movi Integration
AngelTrack's various other integrations are outbound and so will have their own authentication systems as required by the third party.
API Key Creation and Configuration
To create or modify an API key, login to AngelTrack with Administrator privileges, go to Settings, and click on the API Configuration item.
Your existing API keys are shown. Click to add a new one.
Each API key has the following parameters:
Access key: This acts as the password, which the third-party app uses to authenticate itself.
Name: A freetext description that you choose to help you remember each API key's purpose. You can change the name at any time without impacting the API key's function.
Active: Untick this box to deactivate the API key. It will cease to function within four minutes of your deactivating it.
API privileges: Specify which AngelTrack APIs and integrations will accept the API key.
Proxy employee: Select an AngelTrack employee record as the proxy. All activities performed using the API key will be attributed to this employee. For example, if the API key is used to book a new dispatch, the dispatch will show that it was created by this employee. See below for details.
Re-Key
At any time you can re-key an API key, by visiting the API Key Edit page and clicking the "Re-Key" link.
After you save a re-keyed API key, the old one will continue to work for 4 hours, giving you time to input the new API key into the third-party application.
Deactivation and Reactivation
You can deactivate and reactivate your API keys as you see fit, in the usual way. Obviously, a deactivated key will be rejected if anyone attempts to use it to access AngelTrack.
Proxy Employee
Each API key specifies a proxy employee record, in whose name all API activities will be logged.
To prevent unintended disruption of your API activity, AngelTrack ignores the proxy employee record's security roles.
Likewise the proxy employee record can be marked 'inactive', if you do not wish to allow a human to use it for ordinary AngelTrack access. Inactive employee accounts can still act as proxy accounts for an API key. The only way to disable an API key's access is to rekey or deactivate the key itself.