API Authentication¶
EnOS API authentication uses service accounts (SA) to verify the identity of applications or developers. When making requests to the EnOS API, application developers need to send the SA to EnOS, which will use it to verify the user’s identity and perform the necessary authorized access.
Prerequisites¶
Make sure your account in EnOS Application Portal has the role of DCM Admin or App Developer and can access the Developer Console. If not, contact the OU administrator to assign a role to your account.
Step 1: Getting the Service Account¶
Operated By: Application Developer
Service account(SA) consists of AccessKey and SecretKey of the application. One application corresponds to one SA. You need to first get the SA of the application as the credentials for calling the EnOS APIs.
Log in to EnOS Application Portal, select the
button in the upper right corner, enter the Developer Console, and select App > Application Registration in the left navigation bar.Select 1 existing application, or add a new application to the OU using any of the following methods:
Register an application: Create a new application from scratch within the OU. See Registering an Application.
Obtain an application: Obtain 1 existing application from another OU to the current OU. See Obtaining an Application.
Under the OU Apps or Obtained tab, click the application card to open the Application Details page and view the application’s
AccessKeyandSecretKey.
Step 2: (Optional)Getting API Calling Permissions¶
Operated By: Application Developer
Note
By default, you can call the EnOS APIs without any authorization. Only before calling the following APIs, you need to get API calling permissions for your application:
If you do not need to call these APIs, you can skip this step.
Follow these steps to assign API call permissions to your application:
Log in to EnOS Application Portal, select the
button in the upper right corner, enter the Developer Console, and select Application > API Management > API Authorization in the left navigation bar.Select New Authorization, and configure the following information:
Authorized Application: Select your application name.
Authorization Method: Select Manually and check the APIs that require authorization in the API list below.
Step 3: (Optional) Getting Resource Permissions¶
Operated By: OU Administrator
Note
By default, you can read and write all resources on EnOS through the EnOS APIs without any permission restrictions. Only when calling Common Data Service requires contacting the OU administrator to assign resource permissions to the application in order to read or update these resources. If you do not need to call the Common Data Service APIs, you can skip this step.
OU administrators can assign resource permissions to applications by following these steps:
Log in to EnOS Application Portal, select the
button in the upper right corner, and enter the Admin Console.Select the Application Management menu, find the application that requires authorization in the application list, select … > Manage, and enter the application details page.
In the Grant Resource Permissions on the application details page, assign the corresponding resource permissions to the application:
Do not grant resource permissions: The app cannot get any resources for the current OU through the APIs.
Allow this application to get all resources as an OU administrator: This application can get all resources of the current OU through the APIs.
Allow this application to get the specified user’s resource permissions: The permission scope of the application will be consistent with the permission scope of the specified user.
If the permission range of an existing user is not applicable, you can refer to Assigning Resource Permissions to configure the permission range for the user.
If there are no available resources, you can use Register Resource API to register resources for the current OU.
Results¶
You can use the application SA to get or update specified resources by referring to Invoking EnOS APIs Using EnOS SDKs or Invoking EnOS APIs Using Access Token.