Overview
Access to the Aurora v2 API is controlled by a collection of OAuth 2 credentials. These credentials can be managed via the API itself or via the Aurora Back-end, under Store > API Credentials.
This article describes how to manage these credentials from the Aurora Back-end.
V2 API Credentials Endpoints
For more detail regarding the management of these credentials using the V2 API itself, please see the Credentials Endpoint API Reference.
Managing Credentials in the Aurora Back-end
Viewing/Listing Credentials
This is found in the Aurora Back-end, under Store > API Credentials.
Adding and Editing Credentials
This is found in the Aurora Back-end, under Store > API Credentials. From there, click to add new credentials or to edit any of the listed credentials.
Record your Secrets
Aurora displays the Client Secret only once, when the credentials are first added.
Be sure to record this value at that time. If you fail to do so, a completely new set of credentials will need to be created.
Understanding API Scopes
The purpose of the V2 API Credentials is to assign API Scopes to consumers of the API. These scopes control what a consumer/user of the API can and cannot do.
What scopes do I need?
To find out what Scopes you need to assign to a consumer to allow them to access endpoints, please see the API Reference Documentation.
There, every endpoint that requires a scope states this clearly in its Description. Visit the endpoints you would like to use and note the scopes needed.
Minimum Possible Access!
When issuing scopes to consumers, it is strongly advised that you issue only the minimum possible Scopes. This helps keep your data secure and limits the chance of consumers gaining access to things they should not.
Revoking V2 API Credentials
You can revoke a consumer's access at any time by deleting their access credentials from the Aurora Back-end, under Store > API Credentials.
15-minute Access Token Expiry
Please be aware that the Access Tokens generated by consumers are valid for 15 minutes before they expire. As a result, once you have removed the credentials for a consumer, they may still be able to access the API with their previously issued scopes for up to 15 minutes.
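The following is an added example, not part of the original article and not Aurora's own code. It shows one way to review a consumer's requests around a revocation, using the 15-minute token lifetime stated above. The log format, client ids, paths and timestamps are constructed for illustration; adapt the parsing to whatever request log you actually keep.

```python
from datetime import datetime, timedelta

TOKEN_LIFETIME = timedelta(minutes=15)  # access token validity stated in this article

# Constructed sample lines in a hypothetical format:
# timestamp, client id, method, path, HTTP status.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z client=demo-client-1 GET /orders 200
2024-05-01T10:07:40Z client=demo-client-1 GET /orders 200
2024-05-01T10:09:03Z client=demo-client-2 GET /products 200
2024-05-01T10:19:59Z client=demo-client-1 GET /customers 200
2024-05-01T10:21:30Z client=demo-client-1 GET /orders 401
2024-05-01T10:40:00Z client=demo-client-1 GET /orders 200
"""

def parse_ts(text):
    # Accept a trailing "Z" on Python versions whose fromisoformat() rejects it.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def classify_requests(log_text, client_id, deleted_at):
    """Group one client's requests relative to when its credentials were deleted."""
    deadline = deleted_at + TOKEN_LIFETIME  # last moment an old token can still work
    result = {"before": [], "residual": [], "rejected": [], "unexpected": []}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != f"client={client_id}":
            continue  # malformed line or a different consumer
        ts, status = parse_ts(parts[0]), int(parts[4])
        if ts <= deleted_at:
            bucket = "before"        # normal use prior to revocation
        elif not 200 <= status < 300:
            bucket = "rejected"      # request was refused after revocation
        elif ts <= deadline:
            bucket = "residual"      # served by a token issued before deletion
        else:
            bucket = "unexpected"    # success after the window: investigate
        result[bucket].append((parts[0], parts[2], parts[3], status))
    return result

if __name__ == "__main__":
    deleted = parse_ts("2024-05-01T10:05:00Z")  # constructed deletion time
    for bucket, rows in classify_requests(SAMPLE_LOG, "demo-client-1", deleted).items():
        print(bucket, rows)
```

Requests in the "residual" bucket show what the consumer still reached during the expiry window; anything in "unexpected" falls outside the behaviour described above and should be checked, for example for a second set of credentials issued to the same consumer.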