Create and edit API access tokens
Create and manage the tokens needed to use the Fresh Relevance REST API and KPI widgets securely
API tokens can be optionally configured to allow access to only specific areas of functionality and also to specify whether the data can be read or written to.
It's good security practice to ensure you use a token for each part of your system that needs access to the Fresh Relevance Integration API and to restrict those tokens to the minimum access and time period that allows them to achieve their needs.
Token access
Read and/or write access can be granted to tokens for the following areas of the API:
| System area | Description |
|---|---|
| Content | Get/Set content items such as SmartBlocks and Slots. |
| Products | Get/Set Products. |
| Triggers | Get/Set Trigger programs. |
| Content Server Extensions | Content server options which expose full JSON output, and additional data. |
| Bulk Data | Access to PII and other bulk data such as detailed reports. |
| Reports | Access to reports. Some reports may give access to a limited amount of PII, so this should be used with care. |
| System Admin | Access to APIs such as the list of channels, users and similar. |
For each system area, you can control whether access for the token is:
- read-only (GET, HEAD verbs)
- write-only (POST, PUT, DELETE verbs)
or both.
Token types
When creating an access token for Fresh Relevance you need to select the appropriate type to create the token under depending on what API you need to use. The choices are:
- API Key - To access REST APIs (These must be kept secure and not client side)
- Dynamic Content - For embedded dynamic content blocks
- Script Profile - For website based scripts
- Internal API - Reserved use
- Mobile - To access the Mobile and App API
Protect your API keys
Tokens of the type API Key must be treated as sensitive data, and never be distributed to your customers, or anyone else who does not have legitimate cause to require them.
For example, do not embed them on a website, or in a mobile application. If you do, someone malicious could use those credentials to access, edit, or delete your customer data, or send spam or other harmful content which appears to come from your organisation.
Data breaches as a result of such an action could incur large financial penalties. We have some guidance around data legislation for different parts of the world in our Help Centre here, but you must also seek your own legal counsel to ensure you have adequate data protection processes in place.
Create a token
Create token dialogue
- In Fresh Relevance, expand the User menu, and go to Settings > Other Integrations > Fresh Relevance Access Tokens.
- Expand the Create Token drop-down menu.
- Select Expiry date to open the date picker, then select the date you want the token to expire.
- Expand the Token type drop-down menu and choose the token type.
- Enter the token’s name.
This should reflect what the token is used for. - For API Areas Accessible, select the checkboxes for each read / write area you want the token to be granted.
- Select CREATE TOKEN.
Edit an API token
- Expand the User menu, and go to Settings > Other Integrations > Fresh Relevance Access Tokens.
- Expand the Tokens drop-down menu.
- Find and select the token you want to edit.
- Edit the token’s Expiry date, Token type, Name, or API Areas Accessible as required.
- Select UPDATE TOKEN.
Updated 2 months ago