API Authorization

In some cases, you need to allow limited access to users and servers through a restrictive API, without using the browser.

Harmony Connect Application Access allows you to manage the access authorization for server-to-server and application-to-server web pages by issuing revocable API tokens.

The token is issued once per user-application pair, and it can be regenerated or revoked at any time.

To enforce this behavior, you can work in two modes:

  • Authorization header: For API clients that support custom headers, you can pass the API token in an authorization header. It looks like this:

    X-Checkpoint-Key: <Issued-Token>

    Apply this header to each request that goes through Harmony Connect Application Access.

    Note - The authorization header is case sensitive. Make sure you write X-Checkpoint-Key.

  • In-URL token prefix: If an API client is restricted to a connection URL only (for example, proprietary desktop applications that connect to a server over the web), you can attach the issued token to the API URL in this manner:

    https://<application-name>.<site-name>.<company-name>.connect.checkpoint.com/odoapi/issued-token/api/v1/person

Where:

Creating an API-Enabled Application

In your web application creation flow, under Advanced, select the option to Allow API connectivity. If you want to restrict access to authenticated services, select Require active session.

Using an API-Enabled Application

To fetch the application API key:

  1. In the User Portal, click the application Settings button. In the menu, choose Generate API key, or choose Regenerate API key if you need to re-issue the key for the user.

    Note - Regenerating an API key revokes the existing key.

  2. From the window that includes the raw API key, the Authentication Header field and Authorization URL field, copy the relevant information.
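
The two modes described under API Authorization, shown as an added example (not Check Point code): it builds a request for each mode, flags a header name written with the wrong case, and masks the token before a URL or header is logged, since the in-URL mode places the token wherever URLs are recorded. The host name and token are constructed sample values, and the function names and the assumption that a token contains no URL delimiters are this example's own.

```python
import re
from urllib.parse import urlsplit, urlunsplit

HEADER_NAME = "X-Checkpoint-Key"  # exact case, as the page's note requires
URL_MARKER = "odoapi"             # path segment taken from the page's sample URL

# Constructed sample values, not real ones.
APP_URL = "https://myapp.mysite.example-co.connect.checkpoint.com/api/v1/person"
TOKEN = "CONSTRUCTED-TOKEN-123"

def _check_token(token):
    # Assumption: a token never contains URL delimiters or whitespace.
    if not token or re.search(r"[/?#\s]", token):
        raise ValueError("token is empty or contains URL delimiters")
    return token

def header_mode(app_url, token):
    """Authorization header mode: URL unchanged, token in the header."""
    return app_url, {HEADER_NAME: _check_token(token)}

def url_mode(app_url, token):
    """In-URL mode: insert /odoapi/<token> ahead of the application path."""
    parts = urlsplit(app_url)
    path = f"/{URL_MARKER}/{_check_token(token)}{parts.path}"
    return urlunsplit(parts._replace(path=path)), {}

def miscased_header_names(headers):
    """Names that spell the header with the wrong case."""
    return [h for h in headers
            if h.lower() == HEADER_NAME.lower() and h != HEADER_NAME]

_URL_TOKEN = re.compile(rf"(/{URL_MARKER}/)[^/\s?#]+")
_HDR_TOKEN = re.compile(rf"({re.escape(HEADER_NAME)}:\s*)\S+", re.IGNORECASE)

def redact(text):
    """Mask the token in a URL, header line or log line before storing it."""
    text = _URL_TOKEN.sub(r"\1<redacted>", text)
    return _HDR_TOKEN.sub(r"\1<redacted>", text)

if __name__ == "__main__":
    for build in (header_mode, url_mode):
        url, headers = build(APP_URL, TOKEN)
        line = f"{url} " + " ".join(f"{k}: {v}" for k, v in headers.items())
        print(redact(line))
```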