Creating and Configuring Service Users

Service Users represent the automated process you want to grant access to your Organization. When you create a Service User you can:

Add Permission Policies to the Service User to control what they can do when they gain access to your Organization.
Generate Access Keys for the Service User, which you can use to perform service authentication with the m3ter platform. When you have authenticated the Service User, you can then can obtain a Bearer Token for use in API calls made to the platform by the Service User. For more details, see Service Authentication.

This topic explains how to create Service Users for your Organization and generate access keys for them. How to assign Permission Policies to your Service Users and manage them is also explained:

Creating Service Users

To create a Service User:

1. Select Settings>Access. The Access page opens with the Users tab selected.

2. Select the Service Users tab. Existing Service Users in your Organization are listed.

3. Select Create Service User. The Create page opens.

4. Enter a Name for the new Service User.

5. If you want to generate an access key for the new Service User, leave the Generate access key switch enabled, which is the default setting.

Note that you can create the new Service User without generating an access key - simply disable the switch - and you can edit and generate an access key later. See the section below.

6. If you want to assign Permission Policies to the new Service User, use the Permission Policies drop-down list to select them - the list will contain both the Managed and any Custom Permission Policies that exist in your Organization.

Note that you can create the new Service User without assigning any Permission Policies - simple leave the Permission Policies drop-down empty - and you can edit and assign them later. See the section below.

7. Select Create Service User. The new Service User is created and a Generate Access Key popup appears, which shows:

Organization ID
Access Key ID
API Secret

You can copy each of these string values directly to your clipboard.

Important! When you generate an access key for a Service User, you need to keep a record of the Api Secret before you close the popup, because this will only be shown once.

8. On the Generate Access Key popup, select Close. You are returned to the Service User Details page for the new Service User:

In this example, when we created the new Service User we've:

Assigned the Administrator Permission Policy.
Generated an Access Key.

Adding Permission Policies to Service Users

Two Managed Permission Policies are currently available to assign to your Service Users:

Administrator. Read and write permissions. Can submit API calls.
ReadOnly. Read permissions only. Cannot submit API calls.

You cannot edit Managed Permission Policies.

You can also assign any Custom Permission Policies you've created to Service Users.

Warning: Working with Permission Policies? Before creating Custom Permission Policies to control Users access to your Organization, we strongly recommend that you review the following topic in this section on Understanding, Creating, and Managing Permission Policies.

To add and manage Permission Policies for a Service User:

1. On the Settings>Access>Service Users tab, select the NAME text of the Service User. The details page for the Service User opens. Any Permission Policies assigned to the Service User are listed in the Permission Policies panel.

2. Select Add Permission Policy. The page adjusts.

3. Using the Add Permission Policy drop-down, select the Permission Policy you want to assign from the drop-down list.

4. Select Add Permission Policy. You are returned to the details page where the selected Permission Policy is now listed in the Permission Policies panel.

5. If you want add another Permission Policy to the Service User, repeat steps 2 to 4.

Important! You must add the Administrator Permission Policy to a Service User to allow the user to make API calls to the platform.

6. If you want to delete a Permission Policy from a Service User, select the Delete button. You are asked to confirm the delete action.

Generating Access Keys for Service Users

You can generate access keys for Service Users at any time.

To add and manage Access Keys for Service Users:

1. On the Settings>Access>Service Users tab, select the NAME text of the Service User. The details page for the Service User opens. Any access keys generated for the Service User are listed in the Access Keys panel.

2. Select Generate Access Key. A Generate Access Key popup appears, which shows:

Organization ID
Access Key ID
API Secret

You can copy each of these string values directly to your clipboard.

Important! When you generate an access key for a Service User, you need to keep a record of the Api Secret before you close the popup, because this will only be shown once.

3. On the Generate Access Key popup, select Close. You are returned to the details page where the access key is listed as ACTIVE on the Access Keys panel.

You can now use the Access Key id and Api Secret to authenticate the Service User to m3ter using the Basic Authentication method and obtain a Bearer Token for making subsequent API calls. See Service Authentication.

4. If you want to generate additional access keys, you can repeat steps 2 to 3. If you generate additional keys, you should take care to mark the old ones as Inactive - those for which you cannot remember or find the Api Secret or those no longer required due to rotation.

Tip: Rotating Access Keys? Note that you can only create up to two Access Keys at a time - if you want to maintain continual rotation of your Service User Access Keys, after creating two you must first inactivate and remove one to create a new one.