Users who authenticate through the latest CCW REST API now have more control over security through a new self-service capability that allows Customer Integration Admins or VMS users to register their API Consumer Apps and manage the credentials required to access the API.
How it works
Customers and partners looking to integrate with CCW APIs must register their system as an API consumer app, which is a set of CCW API resources accessible with a common set of credentials. Apps are associated with a set of API scopes and permissions that control the resources the API can access and the actions it can take.
Register a New App
Customer Integration Admins can navigate to Integration Toolkit > API Consumer Apps and click Create to register an API consumer app.
Provide the following information to create your API app (all fields are required).
- Application Name - Enter a name that identifies your API app.
- Application Description - Describe what the app is used for.
- Contact First/Last/Email Address - Enter the name and email of someone CCW's support team can contact if there are technical issues with the app.
- Application Type - Currently, only OpenID Connect apps that require faceless machine-to-machine integrations with the Client Credentials grant type are supported. In future releases, web and device apps requiring Authorization Code, Device Code and other grant types will be supported.
- Application Category - Select the category that best applies: Customer, Partner, Supplier or MSP.
- Active - Apps are set to Active status by default. Remove the checkmark to make the app Inactive.
- Credential Type - Set to Shared Secret. Your Secret is generated when these settings are saved. In a future release, the JSON Web Key (JWKS) based credential type will also be supported.
- Client ID (read-only field) - The auto-generated Client ID is part of your OAuth 2.0 client credentials, used to authenticate requests to the CCW API. Client ID is a unique random string that starts with "CCW" + your client prefix. To copy the Client ID, click the Copy button to the right of the field.
- API user - Users who have been approved and set up as API users by the CCW support team can be selected here. Please work with your Coupa Admin to set up API users.
- Scopes - Every CCW API requires a specific Scope, or endpoint. APIs currently available with a Scope:
Click Save. Your Client Secret is generated and displayed in a green banner. Copy/paste the Client Secret and store it in a secure location before closing the banner by clicking the X.
If you lose your Client Secret, you'll need to re-generate your credentials by editing the app and clicking Generate next to the Client ID field. For security purposes, the Client Secret is not stored on the CCW system.
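The following is an added example, not code from CCW or from the original page: it reads the Client ID and Client Secret from the environment instead of source code and builds (without sending) an OAuth 2.0 Client Credentials token request. The token URL, the scope name, the environment variable names and the use of HTTP Basic client authentication are assumptions, since the page does not specify them.

```python
import base64
import os
import urllib.parse
import urllib.request

# Placeholders (assumptions): the page does not give the token URL or scope names.
TOKEN_URL = "https://ccw.example.invalid/oauth2/token"
SCOPE = "example.scope.placeholder"


def load_credentials(env=os.environ):
    """Read the Client ID and Client Secret from the environment, never from source."""
    # Hypothetical variable names chosen for this example.
    client_id = env.get("CCW_CLIENT_ID", "")
    client_secret = env.get("CCW_CLIENT_SECRET", "")
    # The page states that every Client ID starts with "CCW" plus a client prefix.
    if not client_id.startswith("CCW"):
        raise ValueError("CCW_CLIENT_ID is missing or does not start with 'CCW'")
    if not client_secret:
        raise ValueError("CCW_CLIENT_SECRET is not set")
    return client_id, client_secret


def build_token_request(client_id, client_secret, token_url=TOKEN_URL, scope=SCOPE):
    """Build, but do not send, a client_credentials request (RFC 6749 section 4.4)."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token URL must use https so the secret is not sent in clear text")
    # HTTP Basic client authentication; both parts are form-encoded first (RFC 6749 section 2.3.1).
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(
        token_url,
        data=body.encode("ascii"),
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"CCW_CLIENT_ID": "CCWdemo0123456789", "CCW_CLIENT_SECRET": "constructed-secret"}
    req = build_token_request(*load_credentials(sample_env))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```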
View Your Apps
If apps have already been created by you or others in your organization, a grid listing your existing apps is displayed when you navigate to Integration Toolkit > API Consumer Apps.
The Status column indicates whether an app is Active or Inactive. Click the three dots to the right of the Status column to Edit the app on that row. For Inactive apps, the option to Delete the app is available as well.
If there is a long list of apps, you can search for app Names or Categories, as well as users (listed in the Created By column), dates (listed in the Created Date and Last Modified columns), etc. Just type in the Search box and click the magnifying glass icon to narrow down the results.
Roles and Rights
New access rights determine whether a user can access Integration Toolkit > API Consumer Apps to view existing apps, and/or create (register) new apps and manage credentials:
- Integration Toolkit > API Consumer Apps > View API Client App - allows access to view the list of API Consumer apps. Off by default.
- Integration Toolkit > API Consumer Apps > Manage API Client App - allows access to create and manage API Consumer apps. Off by default.