API Key Management (API Key Manager)

Token, Integrations, Permissions, Access Control, Monitoring, Revocation

Description: Essential tool for creating, viewing, and managing access tokens (API Keys) used to connect Framework360 with external services and applications.

What is it for? (Practical examples)

This tool is crucial when you need to have Framework360 interact with external systems in a controlled and secure way.

  • Integration with Third-Party Software: Use it to generate a dedicated key that allows accounting software or a data connector (ETL) to access only the necessary functions (e.g., reading orders).
  • Custom Mobile/Web App Development: Useful for creating a token that enables a custom-developed mobile application to perform specific calls (e.g., registering a new user) within the system.
  • Access Control: Allows you to precisely limit which operations (e.g., modify, create, read) can be performed by each integration, enhancing system security.

Main Features

1. Key Management

  • Simple Creation: You can generate a new API key with a single click by providing a descriptive name. The system automatically generates a unique 40-character Token.
  • Monitoring: The main list shows the last usage date of each key, allowing quick identification of inactive or frequently used keys.
  • Deletion: Allows immediate revocation of access by deleting the key.

2. Permission Configuration (Granularity)

The most important aspect is the ability to precisely define what each key can do.

  • Function Definition: Through a tabbed structure and checkboxes, the user can select which specific API functions (e.g., createcustomer, deleteproduct, read_campaign) are enabled for that Token.
  • Multiple Selection: A "Select All" button is available to quickly enable all functions.

How to Configure

When editing an API key, you access the configuration screen divided into two main sections: General Settings and Permissions.

General Settings

Option | Description
Api Key | The unique Token generated by the system. It must be provided to the external application.
Creation Date | The date the key was generated.
Require User Authentication | If this option is enabled, the API key alone will not be sufficient. Every API call must also include a valid user session Token (via the X-Fw360-UserToken header).

Role-Based Permission Management

The permission management system is organized by User Roles. This allows defining different permission sets depending on the context in which the key is used.

1. Tabbed Navigation: The tabs (or "steps") in the Permissions section correspond to the different User Roles configured in the system (e.g., Administrator, Customer, Agent).

2. Function Assignment: Within each tab, you can select the API functions to enable.

3. Role-Based Limitation: For roles other than Administrator, the system warns that calls made with that key will also comply with the access restrictions already set for that Role in the Role Management module.

4. Additional Security (Lock Icon): Next to some API functions, a lock icon may appear. If selected, it means that this specific function, even if enabled by the API key, will require the call to be accompanied by valid user authentication (even if the general "Require User Authentication" option is not active).

Automatic Integrations

This module is the access point for all external integrations. Its configuration directly influences the ability of external systems to interact with Framework360’s data and features.

User Access Control: If the "Require User Authentication" option is enabled, the API key not only authenticates the application but also binds the call to the specific permissions of the user using the external application. This ensures, for example, that a customer can only read their own data, even if the API key is configured for generic access.
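
The sketch below is an added example, not Framework360 code: a simplified Python model of how the per-role function list, the lock icon, the "Require User Authentication" option and the role restrictions described above combine into one allow/deny decision. The names ApiKey, UserSession, authorize and no_user_role are hypothetical, and the rule that a call without a user token is evaluated against the Administrator tab is an assumption.

```python
from dataclasses import dataclass, field

ADMIN = "Administrator"

@dataclass
class ApiKey:
    require_user_auth: bool = False   # general "Require User Authentication" option
    # One entry per Permissions tab: role -> {enabled function: lock icon set?}
    permissions: dict = field(default_factory=dict)

@dataclass
class UserSession:
    """What a valid X-Fw360-UserToken is assumed to resolve to."""
    role: str
    role_allows: frozenset   # functions the role may use per Role Management

def authorize(key, function, session=None, no_user_role=ADMIN):
    """Return (allowed, reason) for one API call made with `key`."""
    # Assumption: a call without a user token is judged against `no_user_role`.
    role = session.role if session else no_user_role
    enabled = key.permissions.get(role, {})
    if function not in enabled:
        return False, "function not enabled for this key and role"
    locked = enabled[function]
    # Lock icon or the general option: the key alone is not sufficient.
    if (key.require_user_auth or locked) and session is None:
        return False, "user authentication required"
    # Non-Administrator roles stay bound by their Role Management restrictions.
    if role != ADMIN and session and function not in session.role_allows:
        return False, "blocked by role restrictions"
    return True, "ok"

# Constructed sample: a key for a customer-facing mobile app.
app_key = ApiKey(permissions={
    ADMIN: {"read_campaign": False, "deleteproduct": True},
    "Customer": {"read_campaign": False, "createcustomer": False},
})
customer = UserSession("Customer", frozenset({"read_campaign"}))

if __name__ == "__main__":
    for fn, sess in [("read_campaign", None), ("deleteproduct", None),
                     ("read_campaign", customer), ("createcustomer", customer)]:
        print(fn, "user" if sess else "key only", authorize(app_key, fn, sess))
```

The ordering shows why a function enabled on the key can still be refused: the lock icon and the role restrictions are checked after the key's own permission list, so ticking a checkbox never widens what a role is allowed to do.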