Several users are going to do the screening through the WC1 API. They are authenticated in their internal system (login/pwd) onboarding the WC1 API calls. What is the best way to keep the authentication tracking through the WC1 API Requests? Which fields can be used to keep this information (pwd/login) in the Requests?
Hello @nabil.hassoumi ,
Thank you for your clarification!
The client cannot send their users' credentials to the WC1 API. The API does not expect that and will reject the request as unauthorized. You can only send the API key, Base64 encoded HMAC signature, etc. Please refer to the documentation for more info on how you can send valid requests and keep the authorization headers to those specifications only.
The client has to implement a solution at their end if they want to know which user screened a particular case.
A few suggestions are mentioned below to implement the same if they want to use the WC1 API to track the screened case and the screener.
1. Create a new user in the WC1 UI and assign an "only screener" role to it. Making the user a "Screener" will give only screener rights to them, hence segregating the function.
2. Create multiple groups under that user and assign one group (group ID) to each user. The group IDs can be found by firing the API: "SEQ-1a: Get my top-level groups".
3. Whenever the user logs into the client's platform using their usr/pwd and screens cases, the client needs to make sure the API is fired from the group ID assigned to that user.
4. Whenever the client admin wants to track cases, he can fire the API "SEQ-5a: Fetch full case details" to get the details of the case and locate the group ID in the response body obtained by firing the API to know the user who screened the case.
For details on how to create users, assign roles and create groups, I suggest you have a look at the help section of the WC UI and check the "Client Administrator User guide" doc.
Kindly let me know if you have further questions.
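The group-per-user scheme from the steps above, as an added sketch that is not part of the original answer or of the WC1 documentation: the CRM keeps the user-to-group mapping, files each case under the logged-in user's group, and resolves the screener from the group ID in the fetched case details. The class, the `groupId`, `entityType` and `name` field names, and the sample IDs are assumptions.

```python
# Added illustration; field names and sample IDs below are assumptions.


class ScreenerDirectory:
    """One-to-one map between CRM usernames and WC1 group IDs."""

    def __init__(self, user_to_group):
        groups = list(user_to_group.values())
        # A group shared by two users would make attribution ambiguous.
        if len(set(groups)) != len(groups):
            raise ValueError("each CRM user needs a dedicated group ID")
        self._by_user = dict(user_to_group)
        self._by_group = {g: u for u, g in user_to_group.items()}

    def build_case_payload(self, crm_user, name, entity_type="INDIVIDUAL"):
        """Body for the save-case call, filed under the user's own group."""
        if crm_user not in self._by_user:
            raise PermissionError(f"{crm_user!r} has no screening group")
        # Only the group ID identifies the screener; the CRM login and
        # password stay in the CRM and are never placed in the body.
        return {
            "groupId": self._by_user[crm_user],  # assumed field name
            "entityType": entity_type,           # assumed field name
            "name": name,                        # assumed field name
        }

    def screener_of(self, case_details):
        """Return the CRM user behind the group ID of a fetched case."""
        return self._by_group.get(case_details.get("groupId"))


# Constructed sample data (not real group IDs).
DIRECTORY = ScreenerDirectory({
    "alice": "constructed-group-0001",
    "bob": "constructed-group-0002",
})

if __name__ == "__main__":
    body = DIRECTORY.build_case_payload("alice", "John Doe")
    print(body)
    # Constructed stand-in for a fetched case-details response body.
    fetched = {"caseId": "constructed-case", "groupId": body["groupId"]}
    print(DIRECTORY.screener_of(fetched))
```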
Hello @nabil.hassoumi ,
This is something that has to be implemented at the user's end.
If the client has multiple users who will screen using WC1 and each of them has their own API key and API secret, the client has to design their platform in a similar way where they can change the authentication details according to the user who would be screening the case.
Kindly note the authentication details are sent as request headers, so the payload which is part of the request body does not come into the picture. Only the group ID is included in the payload in the "seq-2: Save a case", which enables the user to save the case before screening the case using a particular group ID.
Can you please explain your query in more detail? Also, what does the client want to achieve with this, like finding out which user screened a particular case, etc.?
@Irfan.Khan Thank you for your answer.
Here is the scenario: The client is going to use our API and integrate it into his CRM or internal system. So only one API key and API secret will be used.
Every end user will connect to the CRM with his own credentials (Login/pwd) and will have access to the screening via the CRM. What the client is asking for is how to add the credentials of the real user in the Requests sent via the API? What fields can be used for that purpose?
Thank you for your answer.
I know that the user can use its own credentials in the API requests. I am asking if there is any free text or other field in the requests that can be used to store this kind of data.
Also, via the WC1 UI the user can add new additional fields that can be seen in the Case; are such fields accessible and usable via the API?