Breadcrumbs

Organisation – Partner API (API Credentials Management)

image-20260303-150017.png


Description

When navigating to Settings → Organisation → Partner API, the Partner API page is displayed.

This section allows administrators to create and manage API credentials used to connect external systems to the platform.

It is intended for technical users who need secure access for integrations.

Purpose of This Page

The Partner API section is used to:

  • Generate API credentials

  • Authenticate external systems

  • Enable secure data exchange

  • Integrate with third-party applications

This area is focused on integration and development use cases.

Page Structure

Back to Settings

Located at the top.

Function:

  • Returns to the Organisation settings overview.

Documentation Link

Provides direct access to the API documentation.

Used for:

  • Understanding available endpoints

  • Reviewing authentication methods

  • Implementing integration logic

  • Checking request and response structures

This is primarily used by developers.

Create Credentials Button (Top Right)

Primary action button.

Function:

  • Opens the credential creation flow.

  • Generates a new set of API credentials.

Used when:

  • Creating a new integration

  • Rotating credentials

  • Setting up access for a new system

Empty State

If no credentials exist, the page displays an empty overview.

This indicates:

  • No API keys have been created yet.

  • No external systems are currently connected via Partner API.

A central Create credentials button allows you to generate your first credential set.

When Credentials Exist

If credentials have already been created, this page will display:

  • Existing credential entries

  • Possibly credential identifiers

  • Creation date

  • Status

From there, administrators may:

  • View credential details

  • Regenerate keys

  • Revoke credentials

  • Manage integration access

What Creating Credentials Does

When creating credentials, the system typically generates:

  • Client ID

  • Client secret

  • Access tokens (depending on authentication flow)

These are used by external systems to:

  • Authenticate API requests

  • Retrieve data

  • Perform actions through the Partner API

Credentials must be stored securely.

Security Considerations

This section controls:

  • External system access

  • Data exposure

  • Integration security

Best practices include:

  • Limiting credential access

  • Rotating credentials regularly

  • Storing secrets securely

  • Restricting permissions per integration

What This Section Does Not Control

This section does not manage:

  • Scan app login

  • Event configuration

  • Entrance plan rules

  • Internal operational permissions

It is strictly for external API integration.

Who Should Use This Section

Typically accessed by:

  • Developers

  • Technical administrators

  • Integration specialists

  • System architects

Because API credentials provide system-level access, this section should only be used by authorized technical personnel.