An Application Programming Interface (API) Key is a unique identifier used to authenticate a user, developer, or calling program to an API. As of June 5, 2022, users who have an API Key enabled on their Login ID (i.e. they do not login with their Login ID and password) for the TFNRegistry™ API are required to set up Multi-Factor Authentication (MFA). Please refer to the TFNRegistry User Guide for more information on setting up MFA. Please Note: Available authenticators include, but are not limited to: Google Authenticator, Microsoft Authenticator, OneLogin, Authy, and LastPass. Google Authenticator installed on an Android device is chosen as the third-party application to document the MFA set up process. Please refer to the “MFA Quick Start Guide” in Developer Resources (developer.somos.com) for more information on how to get started with MFA set up in the TFNRegistry.
After MFA has been set up and enabled on the user’s TFNRegistry account, the user will be eligible to create and manage API Keys from the URC page (see Chapter 12.1 User Control (URC) in the TFNRegistry User Guide). If the user does not have the required permissions, a message will be displayed on the URC page requesting them to contact their Resp Org's Primary Contact and/or Company Administrator(s) for assistance (see Figure 5 User’s view on URC page without API Key Permissions).
Please refer to Chapter 12.1 User Control (URC) in the TFNRegistry User Guide to learn more about the URC page.
Once an API Key has been set up, the user can view the Access Key, API Key Access Secret, Status, Expiration Date and eligible actions associated with an API Key on the user profile. The API Key Access Secret will only be viewable immediately after the set up completion, so the user is encouraged to store the API Key Access Secret in a secure location before navigating away from the page.
- As of June 5, 2022, the user must first set up and enable the MFA for their Login ID on the URC page in the TFNRegistry UI to create or access an API Key.
- If they need permissions to generate an API Key, the user will need to contact their Resp Org's Primary Contact and/or Company Administrator(s).
- If the user is having issues with an API Key, they will need to contact the Help Desk for assistance at 844.HEY.SOMOS (844.439.7666), Option 1.
- An API Key will expire after one year. For Example: API Key created on March 31, 2022 will expire on March 31, 2023. It will work until March 30, 2023 at 11:59 PM CT.
- A notification email will be sent to the user 30 days before, and again 5 days before the API Key expiration date, requesting the user to renew it.
- If the user disables an API Key, then a notification email will be sent to the user informing them that the API Key has been disabled and it will remind the user to reactivate, renew or delete it on the URC page.
Figure 5 User’s view on URC page without API Key Permissions