Add / Enable API Access (Generate Client ID and Secret)
To use the Cezanne API, you will first need to enable access for a user within the system. To do this, there are two main options depending on the type of access a user requires:
- Adding a new API application with Client ID and Secret
- Enable API Access to OData Feeds (e.g. Power Query / Power BI)
1. Adding a new API application with Client ID and Secret
If you are building your own app or integration with Cezanne, you will need a Client ID and Secret with Read or Read and Write permissions.
To add your own Client ID and Secret:
Navigate to: Administration >> Security Settings >> Authorised Applications
1. Click Add New.
2. Enter a Name and Description for your app. The Name may be displayed when you grant access to the app within your OAuth2 flow; the Description is only displayed within the Authorised Applications screen.
3. Click OK.
4. Set any required Allowed Callbacks (redirect URIs). If you don't have any Callbacks to enter, you can leave this blank.
5. (Optional) Select a Service Account User.
Note:
- The Service Account User should ideally be an External HR Professional user with Password Never Expires ticked. If the password expires, the API App will stop working until the password is changed.
- This does not need to be specified if you are using this application for Single Sign-On (SSO) as users will authenticate as themselves.
6. Click Save.
7. The Service Account User will automatically be made a User Exception. If you want to add more users as exceptions, click the Pencil and add any other users or roles you require.
8. Your Client Secret is displayed here. Copy it now, as it is only available while the screen is open.
9. If you need to regenerate the Secret at any point, click Regenerate; the new Secret is displayed until you leave the screen.
10. Once you have copied the Client ID and Secret, select the Application Scopes tab.
11. Toggle API read access, API write access and Token Information as required. The Token Information scope is required only when using this application for SSO.
12. Click Save. The Client ID and Secret are now ready to use.
2. Enable API Access to OData Feeds (e.g. Power Query / Power BI)
If you only want to pull data using an OData feed, such as in Power Query, you can use Basic authentication, but you must first make each user who needs access a user exception for the OData Authentication Service application.
Navigate to: Administration >> Security Settings >> Authorised Applications
1. Select and Enable the OData authentication service application.
2. Specify the users or roles who can access the API by clicking Advanced Configuration.
3. Make sure that Enable All Users is unticked.
4. Click the pencil icon to Manage Exceptions.
5. Specify the user(s) or Security Role(s) which can use the API by using the 'Add new' buttons.
6. Once you have added all required Exceptions, click Save.