This article gives instructions on how to create API users and apply API tokens in Postman.
Article Navigation
Introduction
API stands for Application Programming Interface and is a connection between computers or between computer programs.
In contrast to a UI (user interface), which connects a computer to a person, an API connects computers or pieces of software to each other.
WARNING: An API token allows access to domain code. APIs are not intended to be used directly by individuals (end users). Only a programmer or developer should use APIs, when they need to implement the Monsido API on in other applications or CMS systems, for example.
β
βAlways verify the user identity and role before sending out an API token to an individual.
Monsido supports API use. The API can be based on the customer location, and so we have 3 APIs:
To use the Monsido API, your application has to present user credentials (the token) in an authentication software program (such as postman). The API user account can only be used for API access. It is recommended to create a new user account specifically for this purpose and assign the API user scope to it via the free-text field.
The responsibility/troubleshooting for making API calls lies solely with the customer. Monsido cannot assist or troubleshoot beyond the topics in this article.
Prerequisites
Important!
Monsido is unable to support or troubleshoot API calls. This function is solely a customer responsibility.
An API token allows access to domain code. APIs are not intended to be used directly by individuals (end users). Only a programmer or developer should use APIs, when they need to implement the Monsido API on in other applications or CMS systems, for example.
Please see our Monsido for Developers article for more detailed information:
Instructions
Note: This capability is not yet available to all customers, please contact support if you would like to implement API Users for your website.
This section gives instructions on how to add an API user account. Only users that are assigned Admin status within Monsido can access and create API users.
Click Admin Settings (the gear icon) at the top of the Monsido landing page. The Admin Settings page opens.
Note: The Settings button is only available to site admins.
The Domain Settings page opens.
Click API Users from the menu on the left side of the page.
The API Users page opens.
The page is a chart of existing API users with their scope.
API URL: The URL where the user has access.
Description: A description of the access that is granted.
Scope: The scope of the user permissions. In most cases, Customer is sufficient.
Action: Click the drop-down arrow and select from the menu:
See API token: A pop-up window opens with the token.
Click Copy (papers icon) to copy the token to the clipboard.
Revoke token: Click to revoke the token. A pop-up. message informs, "Are you sure you want to revoke the token for API User xxxx
βNote A new token will be created in it's place". The token is replaced with a new token. Click OK to revoke the token, or Cancel to cancel the request.Delete: Remove the user, including the token and scope. A pop-up message asks, "Are you sure you want to delete the API User xxxx". Click OK to delete the user, or Cancel to cancel the request.
Click Add API User, on the upper right side of the page.
The API User page opens.
User Type: Tick the box to select the user type. In most cases, Customer is sufficient. See below for the differences in API user types.
Important! Only users that are assigned Admin status within Monsido can access and create API users. Other users must request the API token from an admin.
For more information, see the User Guide chapter:
CMS: Receives the CMS user type via the API. CMS permissions are restricted to:
index/conceal domains
get domain
index domain pages
get/scan domain page
CMS users must contact a site admin in order to receive the API token.
For more information about how to set up a CMS for the Monsido scan, see the article in Monsido for Developers:
Customer: Receives the Customer permission via the API. Customer tokens cannot be used to edit the account, they can only be used to edit on the module level.
Customer users must contact a site admin and request the API token.
Admin: Receives full permission via the API. Admins can GET, POST, DELETE, and PATCH on any circumstance.
Description: Free-text field, enter a description for this user. If needed, include an email address to specific users or agencies in order to verify API token requests.
Additional Resources
For more information, see the User Guide chapters:
Note: The responsibility/troubleshooting for making API calls lies solely with the customer. Monsido support cannot assist or troubleshoot external applications.
For definitions and explanations of acronyms and abbreviations used in the Monsido User Guide, see:
For further assistance, contact the Monsido support team at support@monsido.com or use the Monsido chat and help features inside the application.