In addition to client credentials, an application also needs permission from the user to access the data and use the functionalities on his behalf. This permission is granted through the transfer of the API key.



Generating an API key

To generate an API key, the user must log in to the Floriday application and go to Settings > Apps & Integrations.

Take note that the API keys used for staging environments are not the same as the API keys for the live environments. A seperate API key must be generated per environment.

πŸ‘

Direct links to the Apps & Integrations page



In here, the end user needs to search for your application, click on it and click on the Add application button.


An API key will then be generated.



🚧

The API key is only shown once

The user needs to copy the API key and enter it in the application. For security reasons, the API key will only be shown once.

In case the user forgets to copy or loses the API key, they will need to remove and re-add the application in Floriday, in order to acquire a new API key.


πŸ“˜

1 API key = 1 Organization ID = 1 GLN company code

1 API key authorizes the combination of 1 organization and 1 application.

1 organization corresponds to 1 GLN company code.

If an implementation requires access for more than one organization (e.g. sales agent for multiple supplier organizations), an API key needs to be generated for each separate organization.




By using the API key in combination with the JWT-token, the user's data can be accessed.



Removing an API key

It is possible for a user to deny access to an application at a later stage. This is done by removing the application in Floriday, which in turn invalidates the API-key.

If the user misplaces the API-key or wants to add the application again, the user will need to generate a new API-key.



Authorization

The next step is to choose an authorization method with which to gain access to the user's data. There are two authorization methods to choose from: