...
- is for a system such as ColdTrace to use our API
- doesn’t have a password (uses system generated web token)
- ability to request new token, process for token expirations generate new API Key
- has basic permissions which are essentially Administrator type privileges to things like: Admin CCE, Admin Requisition etc.
...
# | Title | User Story | Label | Importance | Jira ticket | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Manage API keys | As an administrator I need to manage API keys so that an external partner can access OpenLMIS. Acceptance Criteria:
| Must Have |
| |||||||||||
2 | Manage multiple partners' API keys | As an administrator I want to assign API keys to different external partners who access OpenLMIS. Acceptance Criteria:
| Nice to Have |
Diagrams
Dependencies
...
# | Question | Outcome | Status |
---|---|---|---|
1 | Should this process support the admin setting up a username for any new system that requests access? | ||
2 | What types of permissions will be included in this service account? Are there multiple types or levels of service accounts that we need? Do we need new permissions? Are new permissions being created for Fulfillment (that would be dependencies to completing this feature)? Are we only allowing viewing or does this service account need edit permissions also? | ||
3 | Is there a logging or auditing process that we will use to track requests from this service account, or any of these types of service accounts that the administrator creates? | ||
4 |
Out of Scope
- Automated notification to external partner that their API Key has been changed