- To create an API client
- To configure an API client
- To select authorized grant types
- To configure redirect URIs
- To delete an API client
- To regenerate the client secret
On the API Management page you can create and configure third party API clients. This page is only visible to ASAs (Authorized Service Administrators). To integrate with a third party client, you need to:
- Create an API client in your MC Professional account.
- Generate a unique Client ID and Client Secret.
To create an API client
1. Navigate to Settings > Account Settings.
2. Click the API Management link in the top right corner.
The following page lists your API clients, and displays the Client ID, and Client Secret for each client. To set up an integration, this information is required by the third party client's developer. On this page you can also EDIT, DELETE, and REGENERATE SECRET by hovering over an API client in your list.
4. Click the CREATE API CLIENT button.
5. Enter a name for the application, then click CREATE API CLIENT.
To configure an API client
After you create an API client, you will be directed to the Settings page. Alternatively, you can edit an existing API client to access the same screen. To edit an API client: Hover over an API client in your list, then click the EDIT button.
On the following page, you can configure your API client settings.
API Client Information
Under the API Client Information section you can view the:
- API client name
- Client ID
- Client Secret
You can edit the API Client Name in the text field.
The Client ID and Client Secret are auto-generated. If you need to regenerate your client secret, navigate back to API Management > hover over the API client in your list > Click the REGENERATE SECRET button.
Select the permission scopes that your API client is authorized to use. All API tokens have Read enabled. To make updates through your API, the Write permission must be selected.
To select authorized grant types
Under the Authorized Grant Types section, you can select which grant types the third party client is authorized to use. You can select from the following grant types:
- Authorization Code
- Resource Owner Password Credentials
- Client Credentials
- Refresh Token
A few things to not about grant types:
- If the Authorization Code or Implicit grant type is enabled: The API client requires at least one redirect URI. Redirect URIs are provided by the third party client.
- If the Client Credentials grant type is enabled: You need to select which groups are assigned to the grant type. The access token - issued through this grant type - has the permissions of the selected groups.
Select the grant types that this API client is authorized to use. For a detailed description of each grant type, see our help article on API Authorization.
To configure redirect URIs
If you select the Authorization Code or Implicit grant type, you must add at least one redirect URI. Redirect URIs must be a properly formatted URI starting with http:// or https://. Redirect URIs are provided by the third party client's developer.
Adding a Redirect URI
To add a new redirect URI, enter the new URI in the Add a Redirect URI text field. Then, click the ADD URI button.
Editing a redirect URI
To edit an existing redirect URI, hover over the URI you want to modify, then click the EDIT button. To delete a URI, click the DELETE button.
If the Client Credentials grant type is enabled, select the groups to associate with the access token issued through this grant type. The access token will have the cumulative permissions of all the groups selected.
To delete an API client
To delete an existing API client, navigate to the API management page > hover over the API client > click the DELETE button.
In the pop-up window, make sure this is the correct API client, then click DELETE API CLIENT.
When an API client is deleted, any third party integrations using its client ID will immediately stop working.
To regenerate the client secret
Navigate to the API Management page > hover over the API client > click the REGENERATE SECRET button.
Ensure this is the correct API client, then click REGENERATE.
When a client secret is regenerated, any third party integrations using the previous client secret will immediately stop working. You need to provide the new client secret to the third party client's developer to continue using the integration.