Overview

Enterprise offers various Rest APIs for third-party integrations or client internal data reporting needs.

These APIs can be found at https://technically.showclix.com/

Creating a User ID for API access

To access the API resources for a specific Seller's data, an individual must have a User within the appropriate Seller's account.

To create the new API user for a third-party partner or client internal data reporting warehouse within your Seller's account:

1. An Admin user must log into the Organization Users page at https://admin.showclix.com/users
   1. Supplement the correct Organization Users page based on your white label URL.
2. Click the Create User button.
   

   

3. Name the API user so that the user is recognizable in case you need to revoke or adjust access later.
4. An email address is required. This is the email address that the API user will use to re-authenticate access if the token expires. This should be the user's email address that plans to access the API.
5. Create a password for this email address. This password will be used with the email address to re-authenticate access if the token expires. Ensure you write down this password to provide to the User, as the password will not be visible once you create the user.
   

   

6. Click the Create User button.
7. After creating the user, you are redirected to the user's account details page.
8. Scroll down to the Permissions section
   1. In the General Permissions area, you can set the permission access for the API user.
      1. For example: Do you wish for the API user to have access to "view," which is read-only/reporting? Do you wish the API user could add/create, edit, or delete data?
      2. This is how you may set up CRUD (create, read, update, delete) access for the API user.
   2. Hover over the "view, add, edit, delete" column headers. If you click on the header, it will either check all or check none for that column of permissions. You may also manually uncheck the checkboxes in each column.
   3. In our example, we have clicked on the "delete" column header in order to uncheck all delete boxes so that our API user has no delete access.
      

      

   4. In the Extended Permissions section, you will typically want to check the Report Builder option to ensure your API user can run standard report flows like a typical client user.
      

      

   5. Now that you have set the desired permissions for this API user click the  Save Permissions box to apply them.
9. Your API user creation is now complete.

Providing Email & Password for API Authentication Token

Once an API user has been created, you should provide the User's email address and user password to the third party or resource using the API user.  

• Reminder: you should have written down the user password during API user creation.
• If you no longer have the password, the API user must use the Forgot Password link with the assigned API user email address.  
  • This Forgot Password link is visible on the admin page of your client log in. Typically at https://admin.showclix.com/login or your substituted client white label domain, such as https://admin.whitelabel.com/login

The API user can then retrieve their integration token by following the steps on the Authentication API documentation at: https://technically.showclix.com/authentication.html  

The API user can also use the Authentication API resource to renew their access to the API if their token expires.

Providing the Integration Token

Besides providing the API user's Email and password, some may wish to create the token themselves. This is also a best practice for users who are having difficulty using the Authentication API.

To create an Integration Token for a user:

1. In your Admin, on the list of Organization Users, click on the Details box for the API user.
   

   

2. This will return your view to the API user's account details page.
   1. You may also complete the steps below during the API user creation.
3. Scroll down to the Integration Token section.
   

   

4. If the API user does not have a token assigned, click the GenerateToken button.
5. This will generate a new token, and the webpage will reload automatically to save.
   

   

6. Provide the entire long token number to the API user.
   1. The API user will have a valid token to use API resources on the https://technically.showclix.com/ website.
   2. Note that this API token's 14-day expiration will not begin until the API user logs into the API resources for the first time.
      1. This is to assist with providing a token to a third-party resource, who may not begin research on the API resources for a couple of days or weeks.

Providing the Integration Token to an Existing User

Existing users in the client's Organization Users list may also be granted an Integration Token.

To generate a token for a standard user, follow the steps in the "Providing the Integration Token" section of this help article.

However, remember that the user's permission access on the user's account details page will apply to both their API access and their Admin abilities within the Seller's box office and other front-end web services.

Token Expiration Dates

Expiration Dates

• This means that after each token use, the expiration date will automatically reset for another 14 days.
• For example, My token is set to expire on January 14th.  I access and make various API successful calls to resources on January 10th.  That means my expiration date will be reset to expire 14 days after January 10th; thus expiring on January 24th.

Initial Token Creation Expiration Date

• When an API user creates their initial token via the Authentication API at https://technically.showclix.com/authentication.html, the 14-day expiration timer will begin.
  • This is also the case if an API user resets or renewals their token via the Authentication API documentation at https://technically.showclix.com/authentication.html. The 14-day expiration timer will begin upon reset or renewal.
  • Reminder that white-label clients need to substitute in their domain for API calls. 
• If the API user receives their initial token via the client Admin resource of generating an "Integration Token" (as explained in the "Providing the Integration Token" section), the token's 14-day expiration will not begin until the API user logs into the API resources for the first time with this new token.
  • This is also the case if the API user has their integration token revoked and then re-generated via the "Integration Token" section of the client Admin resource.
  • This delayed expiration date assists with providing a token to a third-party resource, who may not begin researching API resources for a couple of days or weeks.

Re-Authenticate or Regenerate a Token

API users who know their user email and password may re-authenticate their token by following the steps via the Authentication API documentation at https://technically.showclix.com/authentication.html 

Tokens may be revoked and re-generated via the client Admin resource of generating an "Integration Token" (as explained in the "Providing the Integration Token" section).  

1. The Admin user may visit the API user's account details page.
2. Scroll to the Integration Token section and click the Revoke Token box.
   

   

3. The webpage will then refresh to save and show that there is no longer a token associated with the API user.
4. Click the GenerateToken box to create a new token.
   

   

   1. The webpage will then refresh to save the newly created token.
   2. Provide the entire new token number to the API user.

Revoke a Token & Disable a User

If a third-party integration is no longer being used or if an employee is no longer with your company, it may be necessary to revoke a token and disable the user.

Tokens may be revoked via the client Admin resource of generating an "Integration Token" (as explained in the "Providing the Integration Token" section).  

1. The Admin user may visit the API user's account details page.
2. Scroll to the Integration Token section and click the Revoke Token box.
   

   

3. The webpage will then refresh to save and show that the API user's token is no longer associated with it.
4. To ensure that the API user does not attempt to re-authenticate their token via Authentication API documentation at https://technically.showclix.com/authentication.html, it will be necessary to disable the user.
   1. While still on the API user's account details page, scroll down to the Disable User section.
   2. Click on the Disable User box.
      

      

   3. A pop-up box will confirm that you wish to disable this user.
   4. Click OK, and the webpage will then refresh to save and show that the user is now disabled, as the box reads Enable User.
   5. If you accidentally disabled the wrong user, you may click the Enable User box to restore the API user's account. However, you will need to regenerate or re-authenticate a token.
5. Even though you may have disabled a user's account, you should still revoke their token.

Users with a Token

To see which users on your Seller account have an API token: 

1. The Admin user should log into the Organization Users page at https://admin.showclix.com/users 
   1. Supplement the correct Organization Users page based on your white-label URL.
2. Use the "Filter By" drop-down option at the right side of the screen.
   

   

3. Select Has API Token; the list of Users with an API token currently generated will be displayed.
   1. Admins can use this list to locate API users quickly, click on the Details button for that user, and then either revoke or re-generate a token.
4. In our example list below, we have three Users with an API token.
   1. Note that one of the users (with the line through the User) is disabled. Even though the user is disabled, it is recommended that you also revoke that user's token.
      

      

Sharing Token and User Log In Information

This is a reminder that API token and email/password log-in information should be provided to users in a secure and encrypted manner.

1Password as a Secure Sharing Resource

Password manager software, such as 1Password, offers external sharing capabilities with anyone—even if the external party does not have access to a 1Password account. 

• 1Password links for additional information:
  • https://support.1password.com/share-items/
• You will be able to create a secure link for the sensitive information, share it with the external user's email address, and limit the user's access to the data. 
• On the external user end, the user will be prompted for their email and a corresponding verification code from their email; thereafter, they will receive access to the secure information on 1Password's website.
• Security guidelines:
  • Limit the link to the specific recipient
  • Add a time limit as needed