Aurora API: User Management
The API User Management section allows you to grant access for your Aurora API to 3rd party integrators and can be found in the Aurora Back-end under Users > API Users > Users.
This article explains how to create and manage your Aurora API user accounts and what options are available to you for controlling what these users can do.
Introduction
The API User Management section allows you to grant access for your Aurora API to 3rd party integrators and can be found in the Aurora Back-end under Users > API Users > Users.
Using this section you can:
- Create new Auth Tokens & Aurora API users.
- Restrict the API commands a user can run.
- Restrict the PI addresses from which an API user can connect from.
- Enable and Disable existing Aurora API Users.
Creating a New API User
You can do this from the Aurora Back-end under Users > API Users > Add User, as shown below.
The fields you have access to are as follows.
| Filename | Example | Description | Required? |
|---|---|---|---|
| Name | Integrator One | This field is for your reference only and is not used by Aurora and so should be set to something that will allow you to identify the user easily. | Yes |
| Auth Token | BOIUHY&T_TVGV&GGI.GV-OHVOHVVHOHBBHHIHBILHBL | An alphanumeric string of characters used to authenticate all API requests incoming to the server. This is the value you should issue to your 3rd party Aurora API Integrators to allow them to access your API. While this is a free-form text field, it is highly recommended that this value always be long and complex to ensure the token is always secure (i.e. not easily guessed). e.g. minimum of 32 characters. Changing this value will prevent any users using the old Token from being able to access the API, with immediate affect. | Yes |
| Valid IPs | 123.123.123.123 432.234.142.42 12.32.432.5 | A list of IP fully qualified addresses you would like to allow the user to access the API from. If this field is left blank, then the users is permitted unrestricted access from any IP address. You may NOT use wildcards or masks here, i.e. the IP must be provided as one single and complete IP per line. 12.321.4.% or 213.31.41.* will NOT work. | No |
| Valid Methods | ProductGet ProductSearch OrderGet | A list of Aurora API Methods you would like to allow the user to have access to. Each method should be provided on a new line. If this field is left blank, then the users is permitted unrestricted access to all methods. The methods available for use are documented in the Aurora API Guide. | No |
| Active? | If this box is not ticked, then the User's Auth Token will be rejected. Changing this value will prevent or allow (depending on whether you are turning it off or on) any user using this Token from being able to access the API, with immediate effect. | No |
Editing an API User
When editing an API user, there are a number of additional security restrictions that can be assigned.
Response View
By assigning a response view to an API user, you are able to restrict the user to a specific set of filters or response structures that have been defined for a specific 3rd party integration, process or client use case.
In almost all cases, this should be left as the default response view.
Valid Commands
By default, an API user will have access to all API commands, however you can restrict a user to a specific set of commands by explicitly selecting these when editing the API user.
If an API user attempts to access a command that they do not have access to, they will receive an API error.
Testing the API
Until you have your own API Testing platform to perform your testing with, you can run your sample requests through the Aurora API using the API testing tool found int he Aurora Back-end under Users > API Users > Test API.
To send a request to your API to be processed, you should use the form shown below as follows:
- Select the API Version you would like to run your request through.
- Enter the domain for the Aurora API you would like to access, e.g. this is usually a sub-domain of your main Store's domain name.
- Enter the HTAccess Username and HTAccess Password for the Aurora instance you are attempting to access.
This is usually only required when posting requests to Test instances of Aurora. Your Live API URL should not require these fields to be completed.
If you do not know what the username or password is here, please contact your Agency for assistance.
- Enter the Method you are calling in the Request XML, e.g. if you are posting a request to the Product > Get API method then you should enter "ProductGet" here.
- Paste your request into the XML Request field.
- Click the Process Request button.
Request Validator
You can use the API Testing Tool to validate your XML requests if you are in doubt. Simply go to the Users > API Users > Test API section and:
- Select the API Version you would like to run your request through.
- Paste your request into the XML Request field.
- Click the Validate Request button.
Please note that the API URL field should be left blank for this operation.
Updated about 1 year ago