API key & Scope

#API #V2

Written by Andrei Georgescu
Updated over a week ago

In order to have access to the API services, credentials are required to authenticate the API consumer. The credentials also determine the class of service granted to the API consumer: Base features (L1), Advanced features (L2), Expert Features (L3).

Obtaining credentials

Credentials are composed of a client identifier and a client secret. Upon successful authentication, an access token will be returned; this will grant access to the API services for a period of 24 hours.

Credentials are manually generated by a Siteflow Administrator on demand. They are sent to the client through a secured mechanism using a shared protected asset (such as 1Password).


Authenticating

There is an authentication service endpoint (POST authenticate) that returns an access token when the client identifier and secret are provided in the request body.
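A client-side sketch of this flow, added here as an illustration and not taken from Siteflow's own code: it authenticates once, reuses the token for its 24-hour lifetime, and keeps the secret out of logs. The JSON field names (`client_id`, `client_secret`, `access_token`), the `post` transport callable and the five-minute renewal margin are assumptions; the page does not document the request or response schema.

```python
import time

TOKEN_LIFETIME_S = 24 * 60 * 60  # from the page: a token grants access for 24 hours
REFRESH_MARGIN_S = 300           # assumption: renew five minutes before expiry


class TokenCache:
    """Holds the credentials and reuses one access token until it is about to expire."""

    def __init__(self, client_id, client_secret, post, clock=time.time):
        self._id, self._secret = client_id, client_secret
        self._post = post    # callable(path, json_body) -> dict; wraps the HTTPS client
        self._clock = clock  # injectable so expiry can be exercised without waiting
        self._token, self._expires_at = None, 0.0

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return f"TokenCache(client_id={self._id!r}, client_secret=<redacted>)"

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN_S:
            # Credentials travel in the request body, never in the URL.
            # Field names below are assumptions, not the documented schema.
            reply = self._post("authenticate",
                               {"client_id": self._id, "client_secret": self._secret})
            if not reply.get("access_token"):
                raise RuntimeError("authentication failed")  # no secret in the message
            self._token = reply["access_token"]
            self._expires_at = now + TOKEN_LIFETIME_S
        return self._token


def demo():
    """Constructed stand-in for the service: issues token-1, token-2, ... per call."""
    calls, now = [], [0.0]

    def fake_post(path, body):
        calls.append(path)
        return {"access_token": f"token-{len(calls)}"}

    cache = TokenCache("demo-id", "demo-secret", fake_post, clock=lambda: now[0])
    first = cache.token()
    now[0] = 23 * 3600           # still inside the 24-hour window: reuse
    reused = cache.token()
    now[0] = 24 * 3600           # lifetime elapsed: re-authenticate
    renewed = cache.token()
    return first, reused, renewed, len(calls), repr(cache)
```

In real use, `post` would wrap an HTTPS client pointed at the API base URL, with the identifier and secret loaded from a secret store rather than hard-coded.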


Scope

The Siteflow application manages both data available to the whole organization and data restricted to specific accounts (see more details here).

There are two types of API Consumers: those having organization privilege (organization key) and those having visibility restricted to their associated account only (account key).

With an account key, the scope of accessible data is limited to account-related data:

  • Data produced by the account.

  • Data produced by other accounts but which are shared within the organization.

An organization key gives access to any data of any account in the organization. However, data has to be queried account by account. In general, it is not allowed to retrieve data from several accounts in the same API query.

A class of service is assigned to every API Consumer, regardless of its type: L1 (Base), L2 (Advanced) or L3 (Expert):

  • L1 class API Consumers have access to any service endpoint available to L1 class.

  • L2 class API Consumers have access to any service endpoint available to L1 and L2 classes.

  • L3 class API Consumers have access to any service endpoint available to L1, L2 and L3 classes.
