Assigning permissions

Access to API endpoints is controlled via users. This includes two ways for controlling access.

User permission at the application level

In the first option, a user is assigned to the API endpoint.

This can be done in the properties of the application to which the API endpoint belongs. The assigned user can access the API endpoint if authentication at the portal is carried out via the API login endpoint and cookies (without API key) supplied as standard.

Detailed information about this option can be found in the following sections:

• Assigning a user to an API endpoint

• Authentication via API login endpoint and cookies (without API key)

User authorization at the API key level

In the second option, the assignment of a user is done via an API key, which is (in turn) assigned to the API endpoint. This also gives the user access to the API endpoint.

You assign a user to an API key in the "Integration" module. When accessing an API endpoint via an API key, no explicit login of the corresponding user to the portal is required.

Detailed information about this option can be found in the following sections:

• Creating a new API key and assigning users

• Authentication via API keys

Interaction of users at the API-endpoint and API-key level

If a user has access to an API endpoint via an API key, they do not need any (additional) assignment at application level. The API key-level assignment is sufficient.