Access keys, also known as API keys, aid in ensuring the safety and management of API (Application Programming Interface) access. They provide benefits such as:
Access keys provide an effective way to authenticate users or accounts when accessing an API. This ensures that only authorized groups can interact with the API, ensuring the security of the data.
API keys can be revoked or regenerated if they are compromised, which helps minimize security threats.
Publishers who want to give third-party vendors access to the Circulation API can create a user ID and generate an access key through which the third-party vendor can access the database securely.
The users can define whether an access key is required to access the application based on the Business Rule— Should the CIRC API require a valid access key be passed to it? (CircAPI section). The default value of the BR is set to Yes. If the value of this BR is set to Yes, the Access Key must be provided along with the User ID for each Circ API call.
To retrieve the account information using the Distribution API, a client must first create an account and then generate an Access Key for the account. In the URL request to the Distribution API web server, both the Account ID and the Access Key must be provided.
The users can define whether an access key is required to access the application based on the Business Rule— Should the Distribution API require a valid access key be passed to it? (Distribution - API: General section (CMO)). The default value of the BR is set to No. If the value of this BR is set to Yes, the Access Key must be provided along with the account ID for each Distribution API call.
If the access key has not been provided and the above-mentioned BRs have been set to Yes, an authentication failed error message will be displayed.
Note:
To revoke access for a particular user, create a new access key for that user and do not share the key. Because only one access key is valid/stored at a time, this will disable access to the system using the previous access key.
In character Circulation, select Generate Access Key from the Security menu to display the Generate Access Key screen.
Select Add and complete the following fields.
APPLICATION
setup
Enter the application name as either Circulation API or Distribution API. For help, press F2.
USER ID
open
If the Application selected is the Circulation API
, this field will be displayed.
Enter a valid user ID or press F2 for help.
ACCOUNT ID
open
If the Application selected is the Distribution API
, this field will be displayed.
Enter a valid account ID or press F2 for help.
ACCESS KEY
display
This will be generated automatically and displayed on the screen.
START DATE END DATE
date
Enter the date range for which the user will be able to access the application.
Note:
The Start Date will be set to Today by default.
Enter a date that is later than Today as the End Date. For help, press F2.
Select Accept to provide access to the specified user or account.
Application: Circulation API
Application: Distribution API
To successfully access the database through the CircAPI or the account details through the Distribution API, either of the below options can be followed:
The value of the BR has been set to Yes, and a valid access key has been provided in the request URL. Or
The value of BR has been set to No.
Application: Circulation API
Application: Distribution API