API access

You can enable API access for external tools that need to communicate with OpenText Core Software Delivery Platform.

Overview

For external tools to access OpenText Core Software Delivery Platform, you must grant them registered access keys. The tools use the access keys for authentication when communicating as clients.

Tools that need authentication include:

  • The Application Automation Tools and CI  plugins. For details, see CI server integration.

  • The interactive API client.

  • Other 3rd-party tools and APIs that need to communicate through integration, such as those located behind a firewall.

  • Auto actions within a release process. For details, see Auto actions.

Note: For details on creating API access keys through the REST API, see API access keys (technical preview).

To view the list of API keys:

  1. Open the global menu and select AdministrationGeneral Settings.

  2. Select a shared space .

  3. Select the API Access tab.

Back to top

Integration types

When providing API access to tools, integration types are automatically assigned to each tool. The default integration type is 3rd-party integration. Other integration types can be assigned, based on the roles you assign to the tool.

When viewing the list of external tools that have been granted API access in the grid, you can see each tool's integration type, but you cannot modify the type.

Note: Most roles can be customized. Roles and their permissions might be different for your organization.

Integration type Description Role
CI/CD Integration

Enables integration with CI/CD servers such as Jenkins and TeamCity.

This integration connects on the shared space level. It can access any workspace on which the CI/CD Integration role is assigned.

 CI/CD Integration
3rd-party Integration

Enables 3rd-party tools to integrate freely. You can use this integration type as a default, and define roles, to get exactly the access the tool needs.

This integration operates on any workspace or space.

 Any role can be assigned

Back to top

Create an API access key

This section describes how to create an API access key.

If the new key is replacing a previous one, you should revoke the previous key. For details, see API key maintenance.

To create an API access key:

  1. Open the global menu and select AdministrationGeneral Settings.
  2. Select a shared space .

  3. Select the API Access tab

  4. Click the + API Access button.

  5. Provide a name for the access key.

    Note: The name of the API access key can include only English characters.

  6. (Optional) Set an expiration date for the API key, and enter a description if needed. This can be useful if you want to provide a third-party with API access for a limited time.

  7. Assign to workspaces and roles: 

    Field Description
    Role Select the role that the tool uses to access OpenText Core Software Delivery Platform. For a description of the predefined roles, see Predefined roles.
    In workspaces

    Select the workspaces that the access key is assigned to:

    • To assign to all workspaces, select [All workspaces]. The access key is assigned to all existing workspaces and to all future workspaces. The key is also assigned to deactivated workspaces when they are reactivated.

    • To assign to selected workspaces, select workspaces in the list.

    To select more roles, click Add role to assign.

    Note:  

    • For API access keys used for release process auto actions with authentication, you must assign the Release Manager role. For details, Auto actions.

    • For API access keys used for CI server integration, you must assign the CI/CD Integration role. These keys are used by the plugins that support CI integration, and when using the REST API to manage pipelines.

  8. Click Add.

    A dialog box opens with a Client ID and a Client secret. Click Copy to save the keys to the clipboard. This is the only time that the newly-generated key will be visible. You must either use it immediately, or save it somewhere for later use.

  9. Click OK. The access ID is added to the grid with an Active status.

Back to top

Cross-space API keys

If your organization manages multiple spaces, you can enable the use of the same API keys in all the spaces.

Note: To enable cross-space API keys, submit a support ticket.

To create cross-space API keys:

  1. Create an API key in one of the spaces. For details, see Create an API access key.

    Copy the Client ID. You will need to enter the same client ID in the other spaces.

  2. Open another space. Click the arrow next to the API access button and select Cross-space API access. The Add cross-space API access dialog box opens.

  3. In the Cross-space client ID field, enter the client ID from the first space.

  4. Assign roles and workspaces for the API key in the current space.

    The new API key has the same client ID and secret as the original API key.

  5. Repeat steps 2-4 in all the spaces in which you want to share the same API key.

Cross-space APIs are indicated in the Is cross-space field.

Note:  

  • If you revoke, regenerate or change the expiration date of a cross-space API key, all the linked API keys will be updated accordingly.

  • Deleting a cross-space API key from one space will not affect the linked API keys in the other spaces.

  • If you delete all the linked cross-space API keys, the remaining linked API key will be switched to a regular single-space key.

  • Cross-space API keys remain active even after disabling the cross-space API key support. You need to also delete the keys themselves.

Back to top

API key maintenance

You can modify, revoke, and regenerate API keys.

To maintain API keys:

  1. Open the Settings menu , click Spaces, and select a space.

  2. Select the API Access tab.

  3. Perform one of the following actions:

    Action Description
    Modify a key's properties

    To modify a key:

    1. Click a key's ID.

    1. Edit the key's expiration date, roles, name, and description.

    Revoke a key's access Select one or more keys in the grid and click the Revoke access button .
    Regenerate a key's access

    Select one or more keys in the grid and click the Regenerate access button .

    New client secrets are issued for the regenerated keys.

Back to top

Set an email address for API access

If an integration using an API access key sends emails, you can define the email address that is used for this purpose. Enter the email address in the SMTP_NOTIFICATION_SENDER_EMAIL parameter. For details, see SMTP_NOTIFICATION_SENDER_EMAIL.

Back to top

Access key language

When you send an API request using a local API access key, the response is returned in the language that was set as the default UI language when the access key was created.

You can change the access key language using a PUT request.

For a list of the possible language values, see DEFAULT_LANGUAGE.

Note: Space admin permissions are required. For details, see Roles and permissions.

The following example updates the language to Spanish for all access keys in a shared space.

Copy code 
PUT …/api/shared_spaces/<shared_space_id>/users?fields=api_access,language&query="is_api_key EQ true"
{
    "data": [
        {
            "language": "lang.esp"
        }
    ]
}

To change the language of a specific API key, filter by name. The name is the Client ID in the API Access tab.

Copy code 
PUT …/api/shared_spaces/<shared_space_id>/users?fields=id,language&query="name EQ 'aaa_635ejde8dlem3iomn3pw9zd4g'"

See also: