Set up API access

API key authentication provides a secure authentication mechanism for external applications accessing OpenText Enterprise Performance Engineering's API.

Overview

For applications to access OpenText Enterprise Performance Engineering, you must grant them registered access keys. These applications use the access keys for authentication when communicating as clients with OpenText Enterprise Performance Engineering.

Applications that need authentication include:

  • OpenText Enterprise Performance Engineering's CI and Application Automation Tool plug-ins: Git, Bamboo, TeamCity, Jenkins, and Azure DevOps. For details, see Plug-ins.

  • Other third party applications and APIs that need to integrate with OpenText Enterprise Performance Engineering, such as those that are located behind a firewall.

The OpenText Enterprise Performance Engineering administrator generates and manages the list of API access keys for OpenText Enterprise Performance Engineering.

  • Each API access key includes a Client ID and a Secret Code for applications to use when authenticating. The secret key is like a user password and should be recorded securely.

    Tip: OpenText Enterprise Performance Engineering generates each secret key once only, and the secret key cannot be retrieved later. If a new secret key is needed, delete the access key, and then regenerate a new access key. For details, see Delete API access keys and Create API access keys.

  • Each API access key is associated with a OpenText Enterprise Performance Engineering user. Therefore, when an application uses an API key to access OpenText Enterprise Performance Engineering, the application is limited by its user's permissions.

  • You can use an API access key to access OpenText Enterprise Performance Engineering only if it is currently listed as Active in the list of API keys.

Back to top

Create API access keys

To create an API access key and associate it with users, perform the following:

  1. In Administration, select Management > Users and click the Access Keys tab.

  2. On the Access Keys toolbar, click the Add Access Key button Add button, and select a user to associate with the key (the users list displays users with Active status only).

    Note: An administrator can assign up to two keys per user.

  3. Click Generate Access Key. You receive a Client ID and Secret Code, which you need to provide to the person who needs to use this key for authentication.

  4. Click Copy to Clipboard to copy these keys to the clipboard so that you can use them when configuring the applications that need to access OpenText Enterprise Performance Engineering. The keys are copied in JSON format to the clipboard.

  5. Click Save. The access key is added to the grid. Note that its status is Active.

    The User Status column reflects the status (Active/Inactive) of the user associated with the API access key. When the User's Status is Inactive, the values displayed in the User Name and User Status columns appear dimmed.

Back to top

Deactivate and reactivate API access keys

You can deactivate API access keys when you want to temporarily block API keys from accessing OpenText Enterprise Performance Engineering.

  1. In Administration, select Management > Users and click the Access Keys tab.

  2. Select the row of the access key you want to deactivate.

  3. Click Deactivate. The access key is immediately revoked and its status changes to Inactive.

    When you deactivate an access key, the user associated with the key is blocked from accessing the system with external applications using this deactivated key.

    To reactivate if necessary, select the row of the access key that was deactivated and click Activate. The access key is immediately restored and its status changes to Active.

Back to top

Delete API access keys

When you delete an API access key, the user associated with the key is blocked from accessing the system with external applications using this key.

  1. In Administration, select Management > Users and click the Access Keys tab.

  2. Select the row of the access key to be deleted.

  3. Click the Delete Access Key button Delete button. The access key is deleted from the grid.

Note: If a user is deleted from Administration, all the user's access keys are deleted automatically.

Back to top

Track API connections

You can track API connections to OpenText Enterprise Performance Engineering in the Connection Audit page. For details, see Track user login and logout connections.

Back to top

See also: