Set up API access
API key authentication provides a secure authentication mechanism for external applications accessing OpenText Enterprise Performance Engineering's API.
Overview
For applications to access OpenText Enterprise Performance Engineering, you must grant them registered access keys. These applications use the access keys for authentication when communicating as clients with OpenText Enterprise Performance Engineering.
Applications that need authentication include:
-
OpenText Enterprise Performance Engineering's CI and Application Automation Tool plug-ins: Git, Bamboo, TeamCity, Jenkins, and Azure DevOps. For details, see Plug-ins.
- Other third party applications and APIs that need to integrate with OpenText Enterprise Performance Engineering, such as those that are located behind a firewall.
The OpenText Enterprise Performance Engineering administrator generates and manages the list of API access keys for OpenText Enterprise Performance Engineering.
-
Each API access key includes a Client ID and a Secret Code for applications to use when authenticating. The secret key is like a user password and should be recorded securely.
Tip: OpenText Enterprise Performance Engineering generates each secret key once only, and the secret key cannot be retrieved later. If a new secret key is needed, delete the access key, and then regenerate a new access key. For details, see Delete API access keys and Create API access keys.
-
Each API access key is associated with a OpenText Enterprise Performance Engineering user. Therefore, when an application uses an API key to access OpenText Enterprise Performance Engineering, the application is limited by its user's permissions.
-
You can use an API access key to access OpenText Enterprise Performance Engineering only if it is currently listed as
Active
in the list of API keys.
Create API access keys
To create an API access key and associate it with users, perform the following:
-
In Administration, select Management > Users and click the Access Keys tab.
-
On the Access Keys toolbar, click the Add Access Key button
, and select a user to associate with the key (the users list displays users with
Active
status only).Note: An administrator can assign up to two keys per user.
-
Click Generate Access Key. You receive a Client ID and Secret Code, which you need to provide to the person who needs to use this key for authentication.
-
Click Copy to Clipboard to copy these keys to the clipboard so that you can use them when configuring the applications that need to access OpenText Enterprise Performance Engineering. The keys are copied in JSON format to the clipboard.
-
Click Save. The access key is added to the grid. Note that its status is
Active
.The User Status column reflects the status (
Active/Inactive
) of the user associated with the API access key. When the User's Status isInactive
, the values displayed in the User Name and User Status columns appear dimmed.
Deactivate and reactivate API access keys
You can deactivate API access keys when you want to temporarily block API keys from accessing OpenText Enterprise Performance Engineering.
-
In Administration, select Management > Users and click the Access Keys tab.
-
Select the row of the access key you want to deactivate.
-
Click Deactivate. The access key is immediately revoked and its status changes to
Inactive
.When you deactivate an access key, the user associated with the key is blocked from accessing the system with external applications using this deactivated key.
To reactivate if necessary, select the row of the access key that was deactivated and click Activate. The access key is immediately restored and its status changes to
Active
.
Delete API access keys
When you delete an API access key, the user associated with the key is blocked from accessing the system with external applications using this key.
-
In Administration, select Management > Users and click the Access Keys tab.
-
Select the row of the access key to be deleted.
-
Click the Delete Access Key button
. The access key is deleted from the grid.
Note: If a user is deleted from Administration, all the user's access keys are deleted automatically.
Track API connections
You can track API connections to OpenText Enterprise Performance Engineering in the Connection Audit page. For details, see Track user login and logout connections.
See also:
- Administration REST API: Authenticate the user
- OpenText Enterprise Performance Engineering REST API: Authenticate the user
- Project and user management