Service Accounts and Tokens
UPDATE: Major changes have been made to the way new users are added to the system.
Of particular note:
Please see the release notes here for more information.
Creating a Service Account
Service accounts are associated with tokens to allow data transfer to external sites without being tied to a particular user.
To create a service account, go to "Settings" in the left hand menu and select "Members."
Click the "Add new service account" button in the upper right.
Existing service accounts are viewable under the "Service Accounts" tab in the "Members" area.
Creating New Tokens with Service Accounts
All new token creation will require the use of a service account. Follow the directions above to create an account if one does not exist.
To create a token, under "Settings" in the left-hand menu, select "Tokens."
Click the "Add Token" button in the upper right.
Fill in all fields, including selecting the appropriate service account. A public token cannot be created if no service account is selected.
Public Token vs Private Token
When creating a token, the option is given to make it a public or a private token. The difference between these choices is that a Private Token will always authenticate the request regardless of the domain of origin of the request. A Public Token will only authenticate API requests coming from whitelisted domains specified in the Domains attribute. We recommend using a Public Token for publicly-facing web pages so users do not gain unrestricted access to your organization's APIs.
All subdomains for use with Public Tokens must be specified explicitly (e.g. https://subdomain1.yourwebpage.com/, https://subdomain2.yourwebpage.com/). Public Tokens do not support wildcard characters (e.g. https://*.yourwebpage.com/).
Transferring Token Ownership to a Service Account
Under "Settings" in the right-hand menu, select "Tokens"
From the list of existing tokens, right-click the token and select "Reassign Token".
Tokens my only be reassigned to a service account. Follow the directions at the top of this page to create a service account if one does not exist.
Once all tokens are removed from association with a user, the user may be removed from the org by right-clicking on the user name in the "Members" tab inside the "Members" area.