API Key Access

Instead of using a seat (email / password), we would like to have an API key mechanism for authentication. This can be shared with the integration engineers and is not tied to an individual user. 

  • Brian Collins
  • Apr 13 2017
  • Already exists
Release time frame
  • Attach files
  • Admin
    Chris Waters commented
    April 14, 2017 22:01

    It is unlikely that we will provide "API users" that do not correspond to an actual user in Aha!. We need the user record so that permissions can be applied to access through the API.

    However, if it desire is to have an "API key" that can be used instead of the email/password combination in order to access the API then that is possible today with a bit of work:

    1. The API supports access with OAuth tokens: http://www.aha.io/api/oauth2. An OAuth token can be considered to be the same as an API key.
    2. You can generate an OAuth token in your browser without writing any code, but with some careful URL editing.
    3. Follow the instructions for registering an application. You can enter anything for the redirect_uri, it is not actually used, e.g. https://localhost/.
    4. Then in the request to /oauth/authorize use the "token" value for "response_type". Then after the authentication the URL will contain the token.
    5. This token won't expire and can be used in API calls. You can see the tokens you have generated, and revoke them, by going to https://secure.aha.io/oauth/authorized_applications 

    Although this is not documented or supported directly in the UI it is safe to use since it is using the underlying OAuth infrastructure that is used for many integrations. In the future we plan to add a UI to make these steps easier.

  • Brian Collins commented
    April 14, 2017 22:07

    Thanks for the info, Chris!