Dedicated API integration account in PSA
Introduction
PSA allows you to create API-only access user types for the purpose of OAuth integrations with other apps. A userless alternative is available with no license consumption on the account.
Setup
- Create a new employee in HR > Employees.
- Choose the User Type as Api Employee.
IMPORTANT API users will no longer be enforced for MFA.
Users with API user type access can now create a password of their choice using the reset password screen.
- Navigate to the gateway link, enter your username and choose reset password OR
- Admins can select the API user and choose Reset and Send instructions.
- API users will receive the link to change or create the password.
- Create your new password and use this to authenticate your API calls.
- API user type will not be able to login into the system. UI access is limited to the reset/create password screen.
-
API users will need to have a valid email for this to succeed.
Features
- API Employee account can be used to set up integrations between any app that uses OAuth
- API Employee account will not be able to login to the user interface, user password cannot be manually reset.
- API Employee user types cannot be edited.
- It won't consume any license from your subscription.
- Users with API employee type will be listed only under HR > Employees
- Existing users with Employee or External Employee user types cannot be changed to API Employee.
- API Employee user type cannot have an external security role. The system will throw an error.
- Error! Cannot add external roles to internal users.
- These users can be used for the token generation with third party apps using basic authentication.
Basic authentication
API token access can be granted to the API Employee account. Users with non Administrator roles will have to enable API Access in Admin> Security > Roles > Admin. This will allow these users to use the account for a token generation with API integrations or any third-party apps like Postman.