API Application Control Change 2023

During 2023, we improved the security of Provet Cloud APIs by updating our API authorization method. We are transitioning from API keys to OAuth 2.0, a recognized industry standard, which makes online authorization easier and safer.

Timelines

We have been requested to give more time for migrating the existing integrations from API keys to OAuth 2.0. And therefore the new deadline for the change is at the end of Q1 2024. Hopefully this gives everybody enough time to make the changes and test the new connections.

 

Currently any new integration should not start using API keys. They are still available only for integrations that have been live before this migration started. If you need API keys, please contact Provet Cloud support. 

The goal is to revoke all existing API keys at the end of March 2024. This applies to sandbox environments as well. Even if you are not yet live with your integration, you should switch to OAuth 2.0 if someone has created you API key to your sandbox. 

Developer TODO List

  1. Read about new Provet Cloud API settings on Provet Cloud Support page. You can see examples how to use OAuth also in our developer documentation
  2. Contact our support and ask for OAuth credentials to your sandbox environment (we want to know the Provet Cloud ID)
    1. If you don't have an existing sandbox anymore, we can create a new one for you
  3. The support will need some information from you to generate the integration template:
    1. Name of the integration
    2. Description of the integration to be shown in Integration Catalogue
    3. Owner of the integration and their contact information
    4. Whether you want to use client credentials or authorization code grant type
    5. Email address or hookup URL where the client details are automatically sent when the application is added on a Provet Cloud.
  4. Change your integration to use OAuth 2.0 instead of API keys and test it in the sandbox environment.
  5. When you are ready to go live, contact us again and we will publish your application to tenants using your integration.
  6. You can then add the client information to your integration and go live with the version using OAuth 2.0.

We are here to help you! If you have any questions, submit a request for our support team.

Updated

Was this article helpful?

0 out of 1 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.