How to generate API tokens

Last updated August 10, 2023
Written by Princess Luzadas

Authentication in the Web API requires users to provide an API key within the request header. Tokens are allocated to specific API modules and can be conveniently managed within your Felix account.

Users will need the Create and Edit Integration permission to be able to create and configure API tokens in Felix.

How to generate an API token

To generate an API token:

  1. Navigate to Settings > Integration from the main menu.
  2. Click the New Token button to generate a new token.
  3. Update the following fields:
    • Title - Enter a title for the API token. This is for internal identification purposes. We recommend describing the purpose of this token in the name. For example, the name of the integrated application (e.g. SAP Ariba Integration) or a use case (e.g. PowerBI Reporting). 
    • Module - Select the relevant module you are creating the token for. You have the option to associate multiple modules with a single API token. However, it is advisable to use separate tokens for each module. This approach improves data security compared to using a generic API token for all modules. By having separate tokens, if one token were to be compromised, you would only need to change the token associated with that specific module, rather than having to update all API tokens across modules.
    • Mapped User - Select the relevant user who will access the module. The mapped user will help you identify later if the changes to the application were made by a system user or programmatically via the API. User permissions do not apply to the mapped user.

  • Once a token has been generated, any modifications are no longer possible.
  • The Security Group of the mapped user is currently not considered by the Felix API. This means that this user will be granted access to all relevant API module data if the authentication token is valid and active.

4. Click the Generate button. Once the token has been generated, copy and save the token as you will not be able to access it again once you have closed the window.

  • For effective management of API tokens, it is recommended to assign descriptive titles to them.
  • You have the flexibility to create multiple tokens which can be utilised for various integrations and tracking purposes. It is advisable to have distinct API tokens for each module and use case (e.g. Integration) as this enhances data security at the organisation level.

  • Ensure that you generate the API token for the relevant module as attempting to access a different module will render the token ineffective.

Was this article helpful?