For the successful use of APIs at First Due, a user needs two things:
- an API token generated through the User Profile
- to have sufficient permission objects assigned to a role that allow interaction with the API endpoints
How to setup and access API Tokens from the User Profile
In an API exchange, you will need an API token to successfully send/receive traffic on the endpoints. Within First Due, your API Token can be generated from your individual user profile. A token is unique to each specific user. When a token is generated, it automatically is also set to a one-year expiration date.
While an agency can have multiple users with API tokens, it can become hard to manage which Token was used in which integration and what is the expiration date for each token. A strong recommendation is to keep critical integrations and data products all running off of one API token with reminders to update the token before expiration.
- Step 1: On the individual user record, check the "Enable API access token" checkbox.
- Step 2: On the User Profile, go to the API Token tab. From that tab, generate an API Token.
- Copy the Token and store it in a secure location.
- NOTE: The expiration is valid for 1 year. We recommend setting a reminder in multiple locations so you ensure your user's token does not expire.
Interacting with the API after you have an API Token
With an API Token in hand, you have the necessary first item to start interacting with the API endpoints. Important to know and understand though is that what you can do with the API -- which endpoints you can interact with, whether you are read only or you can insert and update rows etc -- is all controlled through permission objects on the ROLE page.
What your user can/cannot do via the API is controlled through permissions.
When First Due implements a customer, they enable appropriate permission objects for the highest-level role. The administrators assigned to that role can then grant permissions downstream. All the API permissions are in the API "bucket" on the role page.
The API documentation in Read.me should list out the endpoints and which interactions are supported. If you don't believe that you have sufficient permissions, contact Client Success and/or your Implementation Manager to review your permission objects.