Setting Up API Users

NOTE. When LDAP authentication is selected, determine LDAP directory connection settings.

To manage API user accounts, use the API Users subsection in the selected project:

To add a user account:

Click the Add User button.

After executing the operation the account parameters are displayed:

Set the parameters:

Authentication Type. Select user authentication type:

Local. User authenticity is checked in a local database on a mobile platform server.
LDAP Server. User authenticity is checked at LDAP server that stores user database with all description.

NOTE. LDAP authentication is available if LDAP directory connection is configured.

Server <data source name in project>. The user is authenticated in the SAP data source or the Foresight Web data source. Autoregistration and authentication server are set on project editing.

The box is mandatory.

Login. Set user name not longer that 104 characters. It is available to use numbers, spaces, Latin and Cyrillic letters in upper and lower case, and also special characters: ‘_-)(^%$#. The box is mandatory.
Active. Select the checkbox to activate the user in the system and to be able to work with the mobile platform. The active user can execute authentication and various API requests. If the checkbox is deselected, the user is deactivated.
Account Validity (days). Set account validity in days. By default, the account never expires, validity is not set. When setting account validity the Account is Valid Through <Date> message is displayed in the account edit mode. After the account expires it is automatically becomes inactive.
Password. Set the account password consisting of five or more characters in UTF-8 encoding and meeting the specified requirements. The password is used to authorize the API user on a mobile device and to further change the password by the user, if the One-Time Password checkbox is selected. To automatically generate password taking into account the specified requirements, click the Generate button. The generated password is displayed in the Password box and is available for editing. To display or hide the password, use the button. To check if the password meets the specified requirements, use the check_new_password API method; to change the password, use the change_password API method. The box is mandatory.

Repeat Password. Repeat the specified account password. To display or hide the password, use the button. The box is mandatory.
One-Time Password. Select the checkbox to use the specified password one time before password change. When the user is authorized, the request to change the password is displayed.

NOTE. The parameter is displayed if the Password and the Repeat Password boxes contain the user account password.

Maximum Password Validity (days). Set maximum password validity in days. By default, the number of days specified in password parameters is set. When setting account validity the Account is Valid Through <Date> message is displayed in the account edit mode. If the password expiration date is less than the current date, the Password is Expired message is displayed.
Locked for Security Reasons. Deselect the checkbox to unlock the user on authorization failures or wait until the specified user lock period end, after which the user is automatically unlocked. When an API user is locked, the checkbox is selected automatically and the message Locked Until <Date> is displayed in the account edit mode.

NOTE. If the LDAP Server authentication type is selected, the user can be locked by LDAP server after use locking status check in LDAP directory. The check is executed on adding and authenticating the user, and synchronization of data about existing users between LDAP and mobile platform. When the user is locked by LDAP server, the Locked for Security Reasons checkbox is automatically selected and an corresponding message is displayed. To unlock the user in mobile platform, unlock the user in LDAP directory. After this the Locked for Security Reasons checkbox will be deselected after the user's first authentication or data synchronization.

Full Name. Enter user's full name if required.

NOTE. If the LDAP Server authentication type is selected, data will be loaded from LDAP directory.

Groups. Select groups of users, to which the user belongs.

Credentials. Select credentials to access a data source. If a list of credentials takes long time loading, set up the optimal number of displayed credentials.

NOTE. If the API user is included in the group of users with specified credentials for data source, credentials for a specific API user are not set for the same data source. The user cannot be included in several groups with specified credentials for the same data source.

DSS Login. Enter DSS account login to set up digital signature if required.

Click the Save button.

After executing the operations the account is added to the users list.

To edit user account:

Click the user name.

Change parameters specified on adding an account.

Click the Save button.

After executing the operations the account is edited and refreshed in the users list.

To delete the account, click the Delete button next to user name.

After executing the operation it is asked to confirm account deletion. If the answer is positive, the account is deleted from the list.

The administrator console for API users can be used to view linked devices and add users to groups to control access to data source resources.