Security keys protect access to the API associated with an OnTime account. Programmers and third parties that would like access to the API will need, by default, a security key. To create a security key, the OnTime account holder should follow these steps:
- Open OnTime Management Suite.
- Navigate to General Options and choose the Connections section.
- Under the Online API section, click the New button.
- Enter a Name (generally the name of the developer or application).
- Specify a Key by clicking the button labeled Generate New Key to automatically generate a unique security key.
- Unless restricting access to a single customer's account, leave the Scope set to All data in this account. (See Limit API Access to a Single Customer below)
- Choose the Permissions that provide access to the required record types. By default, all permissions are set to Deny. A good rule of thumb is to only Allow permissions that are required, leaving all others set to Denied.
- Click OK to make the security key active in the account.
Limit API Access to a Single Customer
The OnTime REST and SOAP APIs support limiting access to data associated with a single customer account. Typically API access could span an entire OnTime account, but customers can be provided with secured direct access to the API with the data limited to their account only.
Limit API access to a single customer by configuring an API security key with the Scope set to Only data associated with a specific customer. Doing so will cause a Customer list to appear. Select the desired customer from the list.
More information about the OnTime API can be found here: