In addition to client credentials, the application also needs permission from the user to access the data and use the functionalities on his behalf. This permission is granted through the transfer of the API key. To do so, the user navigates to the Floriday settings. Here he can give permission to an application, after which an API key is generated. This key must be transferred to the application. This is often done by copying and pasting it into the application.
1 API-key = 1 Organization ID = 1 GLN company code
1 API-key authorizes the combination of 1 organization and 1 application.
1 organization corresponds to 1 GLN company code.
If an implementation requires access for more than one organization (e.g. sales agent for multiple supplier organizations), for every organization an API-key is required.
You can copy the API-key into the application by logging into Floriday and selecting the desired application via settings, apps and links. The user can then add his application and copy the API-key into the Application.
It is possible for an user to deny access to an application at a later stage. This invalidates the API-key. If the user forgets the API-key or wants to add the application again he will have to generate a new API-key.
Using the API key and the JWT-token in combination, the APIs can be accessed in Floriday.
The client application can check if the user inserted the correct API-key in the application by sending the API-key to Floriday Identity check. Floriday returns the Organization ID and Client ID of the API-key for validation by the client application.
Updated 2 months ago