To get an API token, create a Technical User. Manage Technical Users collaboratively with other administrators.
As an administrator, you can get an API token by creating a technical user. With an API token, you can request an access token to authenticate to SAP LeanIX services. For more information, see Authentication to SAP LeanIX Services.
With technical users, you get the following benefits:
- Integrations are no longer tied to a specific person, which allows you to avoid problems such as the person being on vacation or otherwise unavailable.
- Users who don't have access to a workspace can still manage integrations and access SAP LeanIX APIs.
- Technical Users can be subscribed to fact sheets for better integration building.
- Technical Users can be subscribed to notifications with a group email address, which allows you to efficiently manage notifications in your organization.
Creating a Technical User
Follow these steps:
-
In the user profile menu, select Administration, and then go to Technical Users.
-
Click New Technical User.
-
Enter the details for a Technical User:
- Username: Enter a username for the Technical User.
- (Optional) Description: Enter a description for the Technical User.
- Permission Role: Select a permission role: Admin, Viewer, or Member.
- (Optional) Customer Roles: Roles that you can define and configure in services that support them, such as the Pathfinder. In contrast, standard roles are an integral part of the SAP LeanIX authorization scheme and are recognized and supported by all services. You can configure custom roles only if your organization manages user roles within a single-sign-on (SSO) identity provider. For more information, see Managing User Roles with SSO.
- (Optional) Access Control Entities: Use this parameter to map a Technical User to Access Control Entities (ACEs) and Access Control Lists (ACLs) created with virtual workspaces. To learn more, see Virtual Workspaces.
- Expiry Date: Set the expiration date for the API token associated with this user.
-
Click Save.
Creating a Technical User
A Technical User is created, and an overlay with an API token is displayed.
Save the API token. It is shown only once.
An API token is generated once you have created a Technical User
Managing Technical Users
Multiple administrators can collaboratively manage technical users. As an administrator, you can:
- Create technical users
- Replace the API token of a technical user: To do this, click Replace token on the technical user you need, then confirm your action. When you replace an API token, the previous token is disabled. Any integrations or scripts using the previous token will stop working.
- Update a technical user: To update the details associated with a technical user, select a user on the Technical Users page, and update the information you need. You can change the expiration date of the associated API token, but this action doesn’t replace or delete the token.
- View the changelog of associated actions: To view the history of updates for a technical user, click History on the technical user you need. You can see the full changelog of actions associated with the user.
- Delete a technical user: To do this, click the trash bin icon on the technical user you need, then confirm your action. When you delete a technical user, the API token associated with the user is also deleted. Any integrations or scripts using the token will stop working.
Best Practices
Here are some best practices to securely use API tokens. This list is non-exhaustive.
- Treat an API token like a password or other sensitive credentials.
- Don’t share API tokens with anyone who shouldn’t be using them.
- Delete unnecessary API tokens by deleting technical users.
- Replace API tokens periodically.
- Store API tokens securely, for example, by using secrets management tools.
- Securely use API tokens in your code.
- Transfer API tokens securely.
- Set up monitoring and auditing to detect and respond to any unauthorized access.