Purpose Statement

The API token feature allows users to generate secure authentication tokens for accessing First Due's Application Programming Interface (API). These tokens enable automated data exchange and integration between First Due and external systems, providing departments with programmatic access to their data while maintaining security protocols.

Background Information

API tokens serve as secure credentials that authenticate external applications and services when accessing First Due data programmatically. This functionality is essential for departments implementing automated workflows, custom integrations, or third-party applications that need to interact with First Due's database. Each token provides full API access equivalent to the generating user's permissions and remains valid for one year from creation. The token generation process includes built-in security features such as copy functionality for secure distribution and regeneration options for enhanced security management.

Required Permissions

Users must have API access permissions enabled in their user profile to generate and manage API tokens. Contact your system administrator if the USER TOKEN option is not visible in your user menu.

Video

Step-by-Step Guide

Accessing the API Token Generator

1. Navigate to User Menu

   • Click on your name in the upper right-hand corner of the First Due interface
     

1. Open Token Management

   • Click on "USER TOKEN" from the dropdown menu
     

Generating Your API Token

3. Create New Token

   • Click the Play Arrow icon to initiate token generation
   • The system will immediately generate a unique API token
     

3. Manage Your Token

   • Copy Token: Click the Double Paper icon to copy the token to your clipboard
   • Regenerate Token: Click the Reverse Icon to create a new token (invalidates the current one)
   • Remove Token: Click the X icon to delete the current token
     

Token Information and Status

5. Review Token Details
   • The system displays the token status (Active/Expired)
   • Expiration date is shown (tokens are valid for one year from creation)
     

Best Practices

Token Security Management:

• Store API tokens securely and never share them in unsecured communications
• Regenerate tokens immediately if you suspect they have been compromised
• Use separate tokens for different integration purposes when possible
• Document token usage and associated applications for your department

Token Lifecycle Management:

• Set calendar reminders before token expiration dates
• Test integrations after regenerating tokens to ensure continued functionality
• Remove unused tokens to minimize security exposure
• Coordinate token updates with any automated systems or third-party integrations

Integration Planning:

• Ensure your API integration can handle token updates gracefully
• Implement proper error handling for expired or invalid tokens
• Test API connections in a development environment before production deployment

Troubleshooting & FAQs

Q: Why don't I see the USER TOKEN option in my menu? A: This indicates you don't have API access permissions. Contact your system administrator to request API access rights.

Q: What happens to my integrations when I regenerate a token? A: Regenerating a token immediately invalidates the old one. Update all applications and integrations with the new token to prevent service interruptions.

Q: Can I have multiple active tokens? A: No, each user can only have one active API token at a time. Generating a new token automatically invalidates the previous one.

Q: How do I know when my token is about to expire? A: Monitor the expiration date shown in the token management interface. First Due may also send notification emails as the expiration date approaches.

Q: What API endpoints can I access with my token? A: Your API access is limited to the same data and functions available to your user account within the First Due interface. 

Q: Is there a way to extend my token's expiration date? A: No, tokens cannot be extended. You must generate a new token before the current one expires to maintain uninterrupted API access.