Setting Up API Users

NOTE. When LDAP authentication is selected, determine LDAP directory connection settings.

To manage credentials of API users, use the API Users subsection in the selected project:

To add an account:

Click the Add User button.

After executing the operation the account parameters are displayed:

Set parameters:

Authentication Type. Select user authentication type:

Local. User authenticity is checked in a local database on a mobile platform server.
LDAP Server. User authenticity is checked at LDAP server that stores user database with all description.

NOTE. LDAP authentication is available if LDAP directory connection is configured.

Server <data source name in project>. The user is authenticated in the SAP data source or the Foresight Web data source. Autoregistration and authentication server are set on project editing.

The box is mandatory.

Login. Set user name not longer that 104 characters. It is available to use numbers, spaces, Latin and Cyrillic letters in upper and lower case, and also special characters: ‘_-)(^%$#. The box is mandatory.
Active. Select the checkbox to activate the user in the system and to be able to work with the mobile platform. The active user can execute authentication and various API requests. If the checkbox is deselected, the user is deactivated.
Account Validity (days). Set account validity in days. By default, the account never expires, validity is not set. When setting account validity the Account is Valid Through <Date> message is displayed in the account edit mode. After the account expires it is automatically becomes inactive.
Password. Set the password for the account consisting of five or more characters in UTF-8 encoding and meeting the specified requirements. The password is used to authorize the API user on a mobile device and to further change the password by the user, if the One-Time Password checkbox is selected. To automatically generate password taking into account the specified requirements, click the Generate button. The generated password is displayed in the Password box and is available for editing. To display or hide the password, use the button. To check if the password meets the specified requirements, use the check_new_password API method; to change the password, use the change_password API method. The box is mandatory.

Repeat Password. Repeat the specified account password. To display or hide the password, use the button. The box is mandatory.
One-Time Password. Select the checkbox to use the specified password one time before password change. When the user is authorized, the request to change the password is displayed.

NOTE. The parameter is displayed if the Password and the Repeat Password boxes contain the user account password.

Maximum Password Validity (days). Set maximum password validity in days. By default, the number of days specified in password parameters is set. When setting account validity the Account is Valid Through <Date> message is displayed in the account edit mode. If the password expiration date is less than the current date, the Password is Expired message is displayed.
Locked for Security Reasons. Deselect the checkbox to unlock the user on authorization failures or wait until the specified user lock period end, after which the user is automatically unlocked. When an API user is locked, the checkbox is selected automatically and the message Locked Until <Date> is displayed in the account edit mode.
Full Name. Enter user full name if required.

NOTE. If LDAP authentication is selected, data is loaded from LDAP directory.

Groups. Select groups of users, to which the user belongs.

Credentials. Select credentials to access a data source. If the list of credentials takes long time loading, set up the optimal number of displayed credentials

NOTE. If the API user is included in the group of users with specified credentials for data source, credentials for a specific API user are not set for the same data source. The user cannot be included in several groups with specified credentials for the same data source.

DSS Login. Enter DSS account login if required to set up a digital signature.

Click the Save button.

After executing the operation the account is added to the users list.

To edit user account:

Click the user name.

Change parameters specified on adding an account.

Click the Save button.

After executing the operation the account is edited and refreshed in the users list.

to delete account, click the Delete button next to the user name.

After executing the operation it is asked to confirm account deletion. If the answer is yes, the account is deleted from the list.

The administrator console for API users can be used to view linked devices and add users to groups to control access to data source resources.