Authentication
Internal comment: I reused the Obtaining authentication credentials chunk of text from the Authentication here.
The Integration API system uses an access key based authentication and authorization exchange which we refer to as API keys.
Each client can use one or more API key to authenticate their communication with the Controlant Integration API. Each request the client makes must include their API key in the Authorization header of the request.
$ curl -H 'Authorization: APIKey {TOKEN}' -X https://integrations.controlant.com/api/echo/Getting authentication credentials
You can have one or more API keys configured and setup to suit your integration scenarios.
We recommend configuring everything using the UAT environment, and switching over to LIVE only when everything is working as it should.
All API keys are created with the status
active, which means that you can immediately use them to access API functions.When you disable an access key, you cannot use it for API calls.
When you delete an access key, the key is gone forever and cannot be retrieved.
We recommend that you analyze your integration needs and determine how many API keys you require and how you are planning to implement your API key rotation. [qq siggi add link to Best practices -> API Key management]
References
API Key Management [qq siggi add link]
Next steps
Make your first API call: Making a test call to the API
Find or create authentication tokens within the Controlant Systems: https://account.controlant.com