Introduced in 8.7.3
Application accounts, or just applications, provide a security context for third-party applications integrated with Alloy Navigator Express via the API. This article describes how to create and manage application accounts for your external applications.
API access tokens obtained using application accounts grant external applications full unrestricted access to all Alloy Navigator Express objects and workflow actions, regardless of their availability limited by security roles.
To authenticate an external application against the API, it must provide valid credentials—an application ID and a secret. Those application credentials are issued by Alloy Navigator Express when you create an application account.
To create an application:
Settings App, go to Accounts and Roles > Applications and click New. The Application dialog box opens.
Enter an application name to the Application Name field. Alloy Navigator Express will use that name to personalize actions that the third-party application will perform in Alloy Navigator Express via the API.
Note that the credentials, Application ID and Secret, are generated automatically.
Application ID - an "application login," an identifier that the application uses when requesting an access token.
Secret - an "application password," a secret string that the application uses to prove its identity when requesting an access token.
Copy and save the Application ID and the Secret for later use.
Click OK to save your application.
Now you can use these application credentials to obtain an access token and allow the application to access Alloy Navigator Express. For details, see API User's Guide: Authenticating Applications.
A secret must be known only to the external application and the authorization server. It protects your Alloy Navigator Express resources by granting access tokens only to authorized applications.
If an application secret is ever compromised, you should generate a new one, and update all authorized application instances with the new secret. Besides that, it is a good practice to change the application secret from time to time.
To generate a new secret:
Under Accounts and Roles > Applications, double-click your application. The Application dialog box opens.
Click Generate New Secret. Copy and save the new secret for later use.
- Click OK to save your changes.
Now you can update configuration of your external applications to use the new secret. For details, see API User's Guide: Authenticating Applications.
IMPORTANT: Generating a new secret makes all application instances to be unable to connect to Alloy Navigator Express until they are updated with the new secret.
When you need to temporarily deny access to Alloy Navigator Express for an external application, you can disable its application account in Alloy Navigator Express. Later, you can enable it.
To disable or enable an application account:
Under Users & Security > Accounts and Roles > Applications, right-click the application, and select Disable or Enable from the pop-up menu, correspondingly.
Alternatively, you can double-click the application to bring up the Application dialog box, and click the Make Inactive or Make Active button there.