To publish data from a Silver Essence Portal, you can make use of the xmlHttp Webservice that is available by default. To connect to the Webservice you can have one or more Consumer Users. These Consumer Users don't have access to the Portal. They can only be used to interface data using the Webservice. If you want to give a third party access to your Essence data (for example, your webdesigner wants to publish some data on your public website), you have to give out the username and password of one of your Consumer Users. As of today we have improved securing your data. By introducing the Consumer Keys.
How Consumer Keys work
Let's have a look first at the current situation. Let's say you want to publish an Event calendar on your website. And you might want to have a registration form on your website that should create Registrations in your Essence Portal. You give out a username and password for your Essence Webservice to a third party. This gives the third party access to all your data. Even though this is a common practice with almost any Webservice, we wanted to come up with something better.
Consumer Keys act just key cards you might be familiar with in hotels. They are handed out to you personally and give only access to one specific room. Similar, a Consumer Key can be created for a Consumer User. Each Consumer Key has a Start Date and the key cannot be used before that date. Optionally the Consumer Key can have an End Date, after which date the access automatically expires. Furthermore, a Consumer Key is restricted to one Business Controller only. And you can even restrict access to Read or Write only, using the user credentials of a specific user.
Create a Consumer Key in our Partner Portal
You can create Consumer Keys in our Partner Portal. First you must have a Consumer User. By default, one Consumer User is always added to every new Portal. You can edit or create Consumer Users through the User Manager in the System menu. Next go to Storefront, Content Management, Solutions and open the Solution you want to create Consumer Keys for.
Once you have registered a Consumer Key, you can give access to third party developers. But you don't need to give out the Username and Password anymore. You only need to give out the Consumer Key and the name of your Essence Portal. You can test these credentials using the Webservice Testpage.
Restrictions apply here
Using these credentials, a third party can be given access to the Essence Webservice. And the restrictions will be applied. So if the third party wants to read a different topic than Event (as specified in the restrictions), the Webservice will return an error message that the requested topic cannot be read. Same if the Consumer Key has expired, or when the Consumer User has been blocked et cetera.
How about current third party access?
If you have already given out third party access using Username and Password, don't worry. This method of authentication will still work and it will work as usual. So you do not need to change anything. However, if you want to restrict access to your data, just create a Consumer Key and inform your third party developer. In this case too, use the Webservice testpage to test the credentials and to get an example of the Webservice message that is required for correct authentication.