Create a User with REST API Privileges
To begin using the API, an admin needs to grant the relevant user/s permission to access the REST API.
As an Administrator:
- Navigate to the Administration page, then navigate to Manage Users in the menu
- Click on the link icon on the user you want to grant permission to
- Click on the Edit button on the user profile
- Place a check in the box for the option Allow this user to access REST API
- Click Update to commit the permission to the user
Create a Token for the User
The next step is to create a unique token for the user to use. The token should remain highly secured and multiple users should never use the same token. Please ensure that any user who has their API permission disabled or removed also has their token revoked.
To create a token:
- Navigate to the Administration page, then navigate to Authentication in the menu
- Locate the Access Tokens section at the bottom of the page
- Click on New Access Token
- Choose the Owner of the new token i.e. the relevant user
- Select a date for when the token Expires. We recommend allowing tokens to remain valid for one month
- Click Create to complete the process
Configure Permissions for the User
In order for the user to use their token to make changes to costs and benefits, they must also have permission in the relevant Program.
To enable user Update permissions:
- Navigate to the relevant Program to receive changes
- From the menu, navigate to Teams & Roles > Roles & Permissions
- Create a new role for the API user or click on the edit icon on an existing role. NB: Practice caution when changing role permissions, ensure there are no users in the role that should not have the new permissions
- Check the radio button for each necessary cost item to Update
- If you have created a new role, navigate to Teams and assign the new role to the user the token was created for.
Add the Token to the REST API
To authorise the token for use by the user, add the token using the attribute: