API Key generation | Community
Skip to main content
J
jjsaunders
Level 4
May 20, 2021
Solved

API Key generation

  • May 20, 2021
  • 4 replies
  • 1966 views

The documentation says that to generate an API key for a non-admin users you have to disable SSO for the entire instance. Is there any other way to do this? Maybe through Fusion?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by jjsaunders

I think the answer may be to

  1. Create a new user with system admin access level
  2. Login as that user and generate the API Key
  3. Switch the user's access level

4 replies

Doug_Den_Hoed_AtAppStore
Community Advisor
Doug_Den_Hoed_AtAppStoreCommunity Advisor
Community Advisor
May 20, 2021

Hi Jason,

The Great Power is at https://atappstore.testdrive.workfront.com/attask/api-unsupported/ssopt/metadata, but given the Great Responsibility, I recommend you not automate it.

Happy to philosophize offline some time -- doug.denhoed@atappstore.com

Regards,

Doug

J
jjsaundersAuthor
Level 4
May 20, 2021

Thanks for the reply. To clarify, the goal was to create an API key without turning off SSO for the entire instance, not to automate the creation of API keys.

Doug_Den_Hoed_AtAppStore
Community Advisor
Doug_Den_Hoed_AtAppStoreCommunity Advisor
Community Advisor
May 20, 2021

Gotcha Jason,

Given the documentation, I agree with you that creating an API key without turning off SSO for the entire instance does not seem possible. That said, it might be worth trying anyways: sometimes, the API has more latitude than does the user interface.

And to clarify my Great Responsibility comment, although it appears to be technically possible, I would not recommend using the API to automatically 1) turn off SSO, 2) create the API key(s), then 3) turn on SSO, as it is contrary to the intention of SSO.

Regards,

Doug

imgrund
Adobe Employee
imgrundAdobe Employee
Adobe Employee
May 24, 2021

This is interesting... I don't remember ever having to turn off SSO completely when needing to do an integration account. You do need to turn off "Only Allow SAML 2.0 Authentication" on the user level because they do need a username and password to get a key.

I usually, uncheck the box, give the account a temporary password, log in as the account to change the password to something permanent, and then create the API key.

But it has been awhile since I needed to create a new Integration account so maybe things have changed recently.

J
jjsaundersAuthor
Level 4
May 24, 2021

Anthony,

When I tried that it gave me an error :

method PUT is not allowed for authorization type COOKIE

J
jjsaundersAuthorAccepted solution
Level 4
May 24, 2021

I think the answer may be to

  1. Create a new user with system admin access level
  2. Login as that user and generate the API Key
  3. Switch the user's access level
    Doug_Den_Hoed_AtAppStore
    Community Advisor
    Doug_Den_Hoed_AtAppStoreCommunity Advisor
    Community Advisor
    May 24, 2021
    I agree, Jason: sufficient, but less risky. Good workaround. Regards, Doug
    Terms & ConditionsAccessibility statement

    Loading footer...