Understanding Security
Added by Greg Smith, last edited by Marshall McClure on Aug 23, 2011


Overview

The ChannelAdvisor API uses both authentication and authorization to protect our clients' data. This security model includes DeveloperKey, password, AccountID and granted access (authorization) to an account's data. This page will help you understand how to work with these concepts.

Key Concepts

AccountID: An AccountID has a one-to-one relation with a ChannelAdvisor Complete posting account, which has a ProfileID. This AccountID does not have the same value as a ProfileID. It is a GUID that will look something like this: 11111111-2222-3333-4444-555555555555, while a ProfileID is an eight-digit integer. If your ChannelAdvisor client account has five posting accounts, you will need to work with five separate AccountIDs. Without being granted authorization to an account, nobody can access that account's data simply by knowing the AccountID.

DeveloperKey: A DeveloperKey is a unique value that identifies the creator of an application. It is also in the format of a GUID. If you are developing an application in-house, you will need to Request API Developer Credentials.
An email containing an activation URL will be sent to the email address you supply during sign-up. Please add developeradmin@channeladvisor.com to your safe list so the activation email is not blocked by a spam filter. After activation, your DeveloperKey may be granted access to one or more accounts. See Granting Access below to find out how this is done.

Password: Each DeveloperKey has a password. This password is specified when you request your DeveloperKey. It is not the same password that a client would use to log into the ChannelAdvisor Complete web site.

Granting Access To an Account: Granting a DeveloperKey access to a CA account can be accomplished using the following steps.
  1. A CA user with Client Admin permissions locates the desired ProfileID in the list on the Account Authorizations page.
  2. The developer calls the RequestAccess API method, using the ProfileID from step 1 for the LocalID parameter.   A notification will appear in the account's Message Center, alerting the client of the pending authorization request.
  3. A CA user with Client Admin permissions locates and enables the pending authorization request on the Account Authorizations page.
  4. The developer can now retrieve the AccountID by calling the GetAuthorizationList API method and begin interacting with the account using any of the API web services.
    Typical Authorization Scenarios
    • A client wants to use an existing integrated application such as TradeBox.  The client retrieves the ProfileID for their CA account, the TradeBox developer requests authorization through the API, and the client enables access for TradeBox.  The TradeBox DeveloperKey now has access to the account.
    • A client adds a new posting account to ChannelAdvisor and wants to use their in-house API integration software.  This new account will need to be granted the same access as their existing accounts. In other words, access is not inherited from similar accounts.
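
The rules above, as an added example: this is a local in-memory model written for this page, not ChannelAdvisor code and not a client for the real web services. The class name, the helper names and the sample IDs are hypothetical; only the names request_access and get_authorization_list mirror the RequestAccess and GetAuthorizationList methods mentioned in the steps, and the eight-digit range check assumes ProfileIDs have no leading zeros.

```python
import hmac
import uuid

class AuthzModel:
    """Local model of the rules on this page; not the ChannelAdvisor service."""

    def __init__(self):
        self.developers = {}  # DeveloperKey (GUID) -> password
        self.accounts = {}    # ProfileID (int) -> AccountID (GUID)
        self.grants = {}      # (DeveloperKey, ProfileID) -> "Pending" | "Enabled"

    def add_developer(self, password):
        key = str(uuid.uuid4())
        self.developers[key] = password
        return key

    def add_account(self, profile_id):
        if not 10_000_000 <= profile_id <= 99_999_999:  # assumption: no leading zeros
            raise ValueError("ProfileID is an eight-digit integer")
        self.accounts[profile_id] = str(uuid.uuid4())
        return self.accounts[profile_id]

    def _authenticate(self, dev_key, password):
        stored = self.developers.get(dev_key)
        # Constant-time password comparison for a known DeveloperKey.
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")

    def request_access(self, dev_key, password, local_id):  # step 2
        self._authenticate(dev_key, password)
        if local_id not in self.accounts:
            raise LookupError("LocalID must be an existing ProfileID")
        self.grants.setdefault((dev_key, local_id), "Pending")

    def enable(self, dev_key, profile_id):  # step 3, done by a Client Admin
        if self.grants.get((dev_key, profile_id)) != "Pending":
            raise LookupError("no pending request")
        self.grants[(dev_key, profile_id)] = "Enabled"

    def get_authorization_list(self, dev_key, password):  # step 4
        self._authenticate(dev_key, password)
        return [self.accounts[p] for (k, p), state in self.grants.items()
                if k == dev_key and state == "Enabled"]

    def read_account(self, dev_key, password, account_id):
        # Authentication first, then authorization for this specific account.
        if account_id not in self.get_authorization_list(dev_key, password):
            raise PermissionError("DeveloperKey not authorized for this account")
        return "data for " + account_id
```

In this model a pending request grants nothing until it is enabled, and a second posting account stays inaccessible until it goes through the same request and enable steps.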