# API clients, access profiles, and access policies
Clients are logical groups of users, such as members from the same organization, who receive access to one or more API collections through an access profile. A client can have one or more access profiles, which specify the collection, authentication method, access policy, and IP addresses on the allowlist.
An access policy restricts usage of an API through a rate limit and a usage quota.
# API clients
Navigate to API platform > Clients. Here, API owners can manage and create new API clients.
API platform client tab
# Create new client
Select New client.
Add new client
Fill in the following fields:
Name
Enter a descriptive name for the client.
Description (optional)
Enter a note for the client.
Client logo (optional)
Select a `.jpg` or `.png` file to upload a logo.
Project
Select a project. Only members with access to this project are able to see the client.
Configure fields for a new client
Select Add client.
Next, create an access profile.
# Access profile
Every client has one or more access profiles that are associated with API collections. An access profile gives a client access to one or more API recipe collections and/or API proxy collections.
We recommend that API owners create a unique access profile for each API consumer. This allows you as the API owner to delegate access to specific API collections and impose access policies. Furthermore, it allows you to generate usage information about how API consumers are using your API endpoints.
API CONSUMERS
An API consumer can be a person, script, or automated program.
To view a client's access profiles and create new profiles, navigate to API platform > Clients and select a client. The following screenshot contains an example of a client (ACME Company) with one access profile (also called ACME Company).
API client with access profile
# Access profile fields
Note the Auth Token field. A unique API key is generated for each client. This token is a long string of characters. It needs to be supplied to the client so that the client can connect to the API. Treat this API key as confidential information; it should be known only to the API owner and the client.
An API key can be revoked, and a new one issued, by clicking on the Refresh button next to the token.
A client can be Active or Inactive. An inactive client cannot call any APIs. Moving the slider right will switch the client's status to Active, after which API calls will be accepted.
# Create new access profile
Prerequisites:
Navigate to API platform > Clients and select the new client.
Select Create new access profile.
Create new access profile
Fill in the following fields:
Profile name
Enter a descriptive name for the access profile.
API collections to include
Select one or more collections. You can send requests to endpoints in these collections using your access profile.
Authentication method
This can be an auth token, OAuth 2.0, JSON web token (JWT), or OpenID Connect.
Policy (optional)
Select a policy that will govern access to API collections included in this profile.
Allowed IPs
Manage which IP addresses can access this profile. To add multiple IP addresses, separate them using commas, or define a range (`106.226.100.3/20`). When this field is set, only requests initiated from these addresses are allowed.
Configure new access profile settings
Select Next.
Select Create access profile.
Confirm creating an access profile
Copy the auth token and save it somewhere secure. This is the only time you can view the token. If you lose the token, you must create a new one.
Example auth token
Select Done. The new access profile is visible on the client's page.
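Before saving an Allowed IPs value, it helps to see what each entry actually covers. The following is an added example, not part of the platform or its documentation: it audits a comma-separated value, shows the effective range of the `106.226.100.3/20` entry used above, and flags entries that are broad or invalid. It assumes standard CIDR matching (host bits ignored); the function names, the review threshold, and all sample entries other than `106.226.100.3/20` are constructed for illustration.

```python
import ipaddress

# Assumption for this example: entries covering more addresses than this are flagged.
REVIEW_THRESHOLD = 256

# Constructed sample value; only the first entry appears on this page.
SAMPLE = "106.226.100.3/20, 198.51.100.7, 0.0.0.0/0, 10.0.0.300"


def audit_allowed_ips(field):
    """Return [(entry, network_or_None, [notes])] for a comma-separated Allowed IPs value."""
    report = []
    for entry in (part.strip() for part in field.split(",")):
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            report.append((entry, None, ["not a valid IP address or CIDR range"]))
            continue
        net = iface.network
        notes = []
        if iface.ip != net.network_address:
            # e.g. 106.226.100.3/20: the /20 mask discards the low 12 bits
            notes.append(f"host bits set, effective range is {net}")
        if net.prefixlen == 0:
            notes.append("matches every address, so the allowlist restricts nothing")
        elif net.num_addresses > REVIEW_THRESHOLD:
            notes.append(f"covers {net.num_addresses} addresses ({net[0]} to {net[-1]})")
        report.append((entry, net, notes))
    return report


def is_allowed(source_ip, field):
    """True if source_ip falls inside any valid entry of the Allowed IPs value."""
    addr = ipaddress.ip_address(source_ip)
    return any(net is not None and addr.version == net.version and addr in net
               for _, net, _ in audit_allowed_ips(field))


if __name__ == "__main__":
    for entry, net, notes in audit_allowed_ips(SAMPLE):
        print(f"{entry:20} -> {net}  {'; '.join(notes) or 'ok'}")
```

Under these assumptions the `/20` entry admits 4,096 source addresses rather than one, so prefer listing individual addresses or the narrowest range the API consumer actually calls from.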
Last updated: 9/14/2023, 9:26:48 AM