From OpenSpecimen v8.X onwards, the API user feature is implemented.

  1. If you have an API user, you have to create a user with API USER privilege.

  2. You have to select the checkbox if the created user invokes the REST APIs.

  3. You can check this setting on the user add/edit page. Please see the screenshot below.

...

  4. Once you click Yes, it asks for an IP address. The IP address can be a particular IP range from which the API is going to be invoked.

  5. The API user's access works the same way as a normal user's. You have to give role and CP access.

When 2FA is enabled, every login / sign-in requires users to input their password and TOTP along with their user ID. Also, when strict security measures like device tracking are enabled, users are required to enter the OTP sent to their email ID to authorise the device.

With such security measures, a regular user account cannot be used by automated systems to invoke the OpenSpecimen APIs. External systems use APIs to pull data from or push data to OpenSpecimen.

To solve the above problem, starting v8.1, a new type of user, the API user, is implemented. API users are a special type of user a) that do not require OTP for sign-in and b) whose devices are not tracked. However, they have one important restriction: the IP address (or range) of the device from which the APIs can be invoked is fixed. It cannot be any random IP.

It is the responsibility of the super administrator to configure the API user and share the details with the concerned parties after doing due diligence.

Steps:

  1. Navigate to Home → Users → Create

  2. Select Yes as the answer for API User?

  3. Specify the host IP address or range of allowed IP addresses in the text box that appears below the API User? field, as illustrated in the image below:

...

The IP address can be:

  1. A host IP address, as in 142.250.67.196. This means the API user account can be used to invoke APIs from this IP address alone.

  2. An IP address range using network address / mask notation (aka CIDR notation). For example: 142.250.0.0/16. This allows APIs to be invoked from any IP falling in the range 142.250.0.0 - 142.250.255.255 (for a total of 65,025 IP addresses).

  3. A few more examples:

    1. 142.250.67.0/24 signifies the range 142.250.67.0 - 142.250.67.255 (for a total of 255 IP addresses)

    2. 142.250.67.248/29 specifies the range 142.250.67.248 - 142.250.67.255 (for a total of 8 IP addresses)
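
The following is an added example, not OpenSpecimen's own code: a Python sketch of how a host address or CIDR entry such as those above expands to a first address, last address and size, and how a caller's source IP can be matched against it. The function names are hypothetical, the strict parsing and fail-closed behaviour are assumptions of this sketch rather than documented OpenSpecimen behaviour, and the sizes are whatever Python's `ipaddress` module computes for the prefix.

```python
import ipaddress


def parse_allowed(entry):
    """Parse a host IP or CIDR entry; a bare host becomes a /32 (or /128) network."""
    # strict=True rejects entries with host bits set (e.g. 142.250.67.196/16),
    # so a typo cannot silently turn a single host into a much wider range.
    return ipaddress.ip_network(entry.strip(), strict=True)


def describe(entry):
    """Return (first address, last address, number of addresses) for an entry."""
    net = parse_allowed(entry)
    return str(net[0]), str(net[-1]), net.num_addresses


def is_allowed(client_ip, entry):
    """True only if client_ip parses and falls inside the configured entry."""
    try:
        addr = ipaddress.ip_address(client_ip)
        net = parse_allowed(entry)
    except ValueError:
        return False  # fail closed on malformed input or a malformed entry
    return addr.version == net.version and addr in net


if __name__ == "__main__":
    # Entries taken from the examples on this page.
    entries = ["142.250.67.196", "142.250.0.0/16",
               "142.250.67.0/24", "142.250.67.248/29"]
    for entry in entries:
        first, last, count = describe(entry)
        print(f"{entry:20} {first} - {last}  ({count} addresses)")

    # Constructed caller addresses checked against the /29 entry.
    for caller in ("142.250.67.250", "142.250.67.247"):
        print(caller, "allowed" if is_allowed(caller, "142.250.67.248/29") else "denied")
```

Running the same check over every configured API user before sharing credentials shows how many source addresses each account accepts, which makes overly broad ranges easy to spot.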