About API integrations

To run properly, your client applications must integrate with Venafi. Integration requires a master administrator to register the client and assign API access to allow OAuth token usage. The API Integration wizard helps you manage API access.

The wizard requires:

  • The identity of the REST API caller(s).

  • One or more scopes and restrictions that represent the set of API calls that the client will make.

DID YOU KNOW?  Proper integration is necessary. Otherwise, API calls that are out of scope can fail at run time.

 

Who does what?

More than one person may be responsible for managing client integrations and access:

  • The developer supplies a list of anticipated API calls and matching scopes and restrictions. The best way to find this information is in the Scope map for tokens.
  • As administrator, you use the API Application Integration wizard to register and manage scopes.
  • The developer will use those same settings in a REST Authorize call that requests a token from the VEDAuth server.
  • After VEDAuth responds with a token, the developer or client adds the token in the header of every API call . The token is valid until it expires or the grant is revoked.
  • If scope requirements change, you recreate or update the registration. Otherwise, API calls may fail at runtime. After the change, the client can revoke and get a new token.
  • After the client completes its work, it can make a REST API call to revoke the token.