Generate or Regenerate or Use Application API Keys

You can use the Application API Keys page to generate or regenerate or use the API keys for a third-party application that uses Campuslink APIs or Student Web App. You can create an application key for a particular Calling Application Name and share both the key and the calling application name securely with the third-party vendors. Client applications that call CampusLink APIs or Student Web App use this information to get a token.

You can regenerate the API key if the existing key is lost or corrupted.

We recommend that you regenerate keys regularly and share the keys with third-party vendors who can update the client application code to use the new keys.

System-generated Staff User

Each system-generated application key (keys that are used by Anthology applications and are not visible through the Student UI) is associated with a system-generated staff user (for example, PortalApiUser@anthology.local).

The system-generated staff user:

  • Only exists as a Staff record in the application

  • Does not have a password

  • Is not required to be added as an AD/AAD user

  • Is never used to authenticate against.

This staff user’s authorizations in Anthology Student are used to determine permissions for API calls that are made in the system context using the key. The staff user’s Id is also used to update the database for calls made by the client application.

By default, this staff user has Administrator access. You can adjust the user’s permission based on the requirements of your application.

Important:

  • Do not delete @anthology.local staff users to prevent unexpected errors.

  • Remove permissions for these staff users only if absolutely needed because certain API calls may fail as a result.

You can also use the Application API keys to get data with the help of a third party API platform used by your institution.

Prerequisites

You must have System - Settings - Manage authorization.

The staff member associated with the key must have the permissions and authorizations required for a particular integration.

The staff member associated with the key must have the required permissions and authorizations to use the API key to get data.

Access Method

Select the Settings tile > expand System > select Application API Keys.

Procedure to Generate Application API Keys

  1. Click the New button on the toolbar.

  2. Review, change, or specify the following values.

    Application KeyClosed Indicates the key required for API integration. This field is disabled. Each system-generated application key is associated with a system-generated staff member (for example, StudentApiUser@anthology.local).

    Calling Application NameClosed Indicates the name of application that uses the CampusLink API for the integrations. This field is limited to 200 characters and cannot contain any space. Special characters and numbers are allowed. This field has to be unique. At the time of key generation, record the application key’s value for use in your client application code. This value is never displayed again after you leave this page.

    Expiration DateClosed Indicates the date when the API Key is no longer valid. This date is posted when the integrations with given API key do not work. If you are specifying the value, specify the value in the format MM/DD/YYYY or click the calendar button to select the date. This field cannot be set to more than 2 years from the current date.

    StaffClosed The last name and first name of the staff member.

  3. Click Save to save the changes. Anthology Student displays the Copy Application Key dialog box.

  4. Click the Copy Application Key button. Anthology Student saves the record and recommends modifying existing application integrations to use the new key.

    Copy the key into a text file since this Application Key will never be available to copy again once you leave this page.

You must secure this key to prevent unauthorized access and share it securely with authorized personnel or third -party vendors who will integrate with CampusLink APIs or Student Web App.

Procedure to Edit or Regenerate Application API Keys

  1. Click the name in the list to edit an existing list item or to regenerate an existing API key.

  2. Review, change, or specify the following values.

    Application KeyClosed Indicates the key required for API integration. This field is disabled. Each system-generated application key is associated with a system-generated staff member (for example, StudentApiUser@anthology.local).

    Calling Application NameClosed Indicates the name of application that uses the CampusLink API for the integrations. This field is limited to 200 characters and cannot contain any space. Special characters and numbers are allowed. This field has to be unique. At the time of key generation, record the application key’s value for use in your client application code. This value is never displayed again after you leave this page.

    Expiration DateClosed The date when the item no longer valid. If you are specifying the value, specify the value in the format MM/DD/YYYY or click the calendar button to select the date. For student groups, the default is configured for the campus by your institution.

    StaffClosed Indicates the last name and first name of the staff member. You can either create a new staff member with appropriate permissions or use an existing staff member with the required permissions. Each system-generated application key is associated with a system-generated staff member (for example, StudentApiUser@anthology.local) . This staff member only exists as a Staff record in the application and does not have a password or be required to be added as an AD/AAD user. As a result, this staff member is never used to authenticate against. However, this staff member’s authorizations in Anthology Student are used to determine permissions for API calls that are made in the system context, using the key. The staff member’s Id is also used to update the database for the calls made by the client application. By default, this staff member will have admin access. You can adjust the user’s permission based on the needs of your application.

  3. Click the Regenerate button.

  4. Click Save to save the changes.  

    Anthology Student displays the Edit Application Key dialog box to state that you have modified the Calling Application Name and regenerated the Application Key. Once you save the changes, the Calling Application Name and Application Key are replaced with the updated values, The previous key values cannot be retrieved.

    Anthology Student also informs that the existing integrations will stop working until modified to use the updated Calling Application Name and Application Key.

    Click the Cancel button if you do not want to regenerate the application key at this point. Anthology Student restores the existing application key.

  5. Click the Save button to save the regenerated application key. Anthology Student displays the Copy Application Key dialog box.

  6. Click the Copy Application Key button. Anthology Student saves the record and recommends modifying existing application integrations to use the new key.

    Copy the key into a text file since this Application Key will never be available to copy again once you leave this page.

Example

Shows Applications Kets page.

Procedure to Use Application API Keys with Third-Party API Platform

  1. Copy or regenerate the Application API key.

  2. Add the name of the calling application, the key value and the principal id in the following format:

    {"CallingAppName":"<CallingApplicationName>","KeyValue":"<value>","PrincipalId":<value>}

    Attribute Refers to

    CallingAppName

    Calling Application Name

    KeyValue

    Application Key value

    PrincipalId SyStaffId. PrincipalId is optional. If PrincipalId is present in above format, then API runs using this staff. If it is not present in above format, API runs using Staff configured on following form.

  3. Use the above string on a third-party Base64 encoder (for example, CodeBeautify) used by your institution to generate the base64 encoded key.

  4. Add the base64 encoded key on a third-party API platform (for example, Postman) used by your institution to get the required data.