Using API Keys when automating tasks
An Application Programming Interface (API) key is a unique identifier used to identify and authenticate an application or user. An API helps software programs connect and communicate with one another. An API key is a cryptographic key in a hash-based method authentication code (HMAC). When used to sign requests for service-to-service authentication, the key ensures that important parts of requests for service-to-service authentication did not change. You can create an Internal, External, or Custom API key.
Internal and external API keys
Generate an Internal or External API key when requested to do so. A Verint representative or a third-party developer may request an API key. These users request API keys when developing or using an application or service that calls an API, as described in the Verint SDK.
In a multi-tenant enabled cloud environment, each customer generates their own Internal or External keys. Use caution when providing Internal or External keys to users. Internal and External keys have access to all supported APIs. A user of an Internal or External key can access the entire system.
-
An internal API key is used for Verint software intercommunication when Verint software is running on a mix of Verint and non-Verint infrastructure. A common example is Verint client software that runs on the desktop computer of an agent and communicates to Verint servers. The Verint servers can be hosted on the customer environment or in the Verint cloud.
-
An external API key allows published APIs to access product components and services. External keys are used by third parties to use Verint Workforce Engagement services. An External key is also used by integrators and customers who want to use the APIs to use Verint services programmatically for integration or automation. You must assign an external key to a single user or to all users. When a key is associated to a single user, that user must have the necessary permissions to access the specified APIs. When a key is associated to all users, they can access the specified endpoints without needing additional permissions.
In a multi-tenant cloud environment, users can only view and work with the API keys created for the tenant to which they belong.
If you are logged in as a user and create an API key, the API key is automatically associated to the tenant to which you belong.
Custom API keys
A custom API key enhances security by restricting access to specific resources. When creating a custom key, you specify one or more API endpoint URLs and choose to associate the key with either a single user or all users. When a key is associated to a single user, that user must have the necessary permissions to access the specified APIs. When a key is associated to all users, they can access the specified endpoints without needing additional permissions.
Custom API keys are available for Verint Cloud, but not Verint Enterprise.
API key expiry and rotation Specific repeating sequence of work patterns in WFM assigned to employees. Rotations override work patterns.
To enhance security and comply with PCI 4.x requirements, the system supports key expiry and the automatic rotation of keys. This approach makes it easier to manage API keys securely and efficiently.
Providing an application key to a requester
You provide an API key to a key requester by copying the key from the user interface and pasting it into a text document or email.
Managing API keys after user deletion
-
Automatic removal: When a user is deleted or their credentials are removed, they are automatically disassociated from any API keys within a few hours.
-
API key persistence: The API key itself remains in the list even after the user is deleted.
-
Manual deletion: If the API key was solely for the deleted user, you can manually delete the key.
Topics