Integrating Phone system with Manager - API Account

1

We wish to Integrate a phone system to Manager using the API. Currently access to the Managers API is an admin account giving the account access to all. This is not ideal for what we wish to accomplish. We need an API user account to access only a portion of the information available in the API. The “Customer” data in a particular “Company Limited”.

  1. [Manager API](https //xyz.abc.co/api)
  2. [Company Limited](https //xyz.abc.co/api/Qy1JVCBMaW1pdGVk)
  3. Customer

Is this more limited account access to the Manager API possible or is the Manager API not yet mature enough to facilitate?

Use case:

  1. Improve customer service.
  2. Do not want API account to access Payslips
  3. Do not want API account to access other companies
  4. Enable and limit the phone system to Customer API data only for a particular company.
  5. Make Staff more efficient
  6. Makes API data a little more secure

There are other cool things in mind but the account used to connect to Manager API is in the first instance important before proceeding with anything.

2 Likes
2

This has already been promised by the developer:

Until then, you will have to create an intermediate layer of API that accepts mobile app requests and logs in to manager in the backend without exposing the credentials.

3

I really like this simplified login option but would be more confident if an alternate user account could be used rather than the one with the keys to everything in Manager. Am I right in thinking that the “Sample Key” shown 714552c6148e1617aeab526d0606184b94a80ec048fc09894ff1a72b740c5f19 if used during the login process will limit the connection to only that piece of data under that “Sample Key”? Guess we will need to wait and see.

4

Just talking to myself here … on a side note I am waiting on some movement in the Manager API area to enable the use of a key which will allow access to only a certain entity in Manager. This will in my view limit any other hosted business from being queried through a rogue API configuration.

1 Like
5

Each business already has a key or do you mean something else?

6

Please use a personal notepad, sheet, or whatever to share your thoughts with yourself. This is a public forum, thank you.

7

Yeah Mark the Manager API / admin account we have to engage to allow connection to the Manager API can extract / get data from any entity on the host. This is not ideal. In effect customers want to have the confidence that there is a mechanism or a unique API account that will limit the API connection to a their specific entity only.