During 2023, we are improving the security of Provet Cloud APIs by updating our API authorization method. We are transitioning from API keys to OAuth 2.0, a recognized industry standard, which makes online authorization easier and safer.
Timelines
New integrations should not start using API keys, even though keys can still be created in Provet Cloud settings; they remain available only for existing integrations. We will disable the creation of new API keys in Provet Cloud at the end of October 2023. If you have an existing integration that uses API keys, please switch to OAuth 2.0 as soon as possible, preferably before November.
After October, even an admin Provet Cloud user can't add new API keys in their Provet Cloud instance; they can only add integration applications that use OAuth 2.0. If you need to take an integration that still uses API keys into use after that, you have to contact Provet Cloud support.
The goal is to revoke all existing API keys at the end of December 2023, which is the absolute deadline for the change. This applies to sandbox environments as well: even if your integration is not yet live, you should switch to OAuth 2.0 if an API key has been created for you in your sandbox.
Developer TODO List
- Read about the new Provet Cloud API settings on the Provet Cloud Support page. You can also see examples of how to use OAuth in our developer documentation.
- Contact our support and ask for OAuth credentials for your sandbox environment (we need to know the Provet Cloud ID).
- If you no longer have an existing sandbox, we can create a new one for you.
- The support team will need some information from you to generate the integration template:
  - Name of the integration
  - Description of the integration to be shown in the Integration Catalogue
  - Owner of the integration and their contact information
  - Whether you want to use the client credentials or the authorization code grant type
  - Email address or hook URL where the client details are automatically sent when the application is added on a Provet Cloud tenant
- Change your integration to use OAuth 2.0 instead of API keys and test it in the sandbox environment.
- When you are ready to go live, contact us again and we will publish your application to the tenants using your integration.
- You can then add the client information to your integration and go live with the version that uses OAuth 2.0.
We are here to help you! If you have any questions, submit a request for our support team.
Why Is This Happening?
This change offers numerous benefits to both Provet Cloud users and developers utilizing Provet Cloud APIs.
More Security For Our Clients' Data
The primary advantage for users is the heightened level of security. Provet Cloud APIs are highly versatile, allowing users not only to read data but also to create, edit, and delete it through the endpoints. With OAuth, integrations are centrally managed within a single authorization server, which simplifies the management of access control policies, user permissions, and application registrations.
The access tokens need to be renewed every 10 hours, which mitigates the risk of unauthorized access if the client credentials were to fall into the wrong hands. The tokens can also be revoked easily if needed.
Furthermore, when an integration is activated on a Provet Cloud tenant, a virtual user is generated specifically for that integration. This enables granular authorization: access levels and rights for these virtual users can be managed in the same manner as for regular users. This way, access can be granted on a per-user or per-application basis, ensuring that only the necessary privileges are granted.
Overall, OAuth 2.0 offers a robust and flexible framework for authentication and authorization, addressing many of the limitations and security concerns associated with traditional API keys. It provides improved security, granular control, token expiration and revocation, and centralized management, making it a preferred choice for secure API access.
More Automation for Partners
For developers, OAuth 2.0 provides enhanced automation. Whenever an integration is activated on a Provet Cloud tenant, new client credentials are automatically generated for that specific tenant. Developers can specify a designated hook URL to which the new credentials are sent, streamlining the process of adding new client tokens.
Additionally, integrations can be showcased to users in the Provet Cloud catalog. Users can easily browse and add available integrations to their Provet Cloud accounts. The catalog provides concise descriptions and setup instructions for each integration, enhancing usability for end users.