Dashboard > ChannelAdvisor Developer Network > ChannelAdvisor Developer Network > Understanding Security
Log In   View a printable version of the current page.
ChannelAdvisor Developer Network
Understanding Security
Added by Greg Smith, last edited by Greg Smith on Apr 21, 2008  (view change)
Labels: 
(None)


Overview

The ChannelAdvisor APIs use both Authentication and Authorization to protect our clients' data.  This includes DeveloperKey, password, AccountKey and granted access (authorization) to an accounts data.  This page will you help you understand how to work with these keys, as well as help you understand when you need to request a developerKey, and when to request an AccountKey.

Key Concepts

Concept Description
AccountKey An AccountKey has a one-to-one relation with a Merchant posting account (ProfileID).  This key does not have the same value as a ProfileID.  It is a GUID that will look something like this: 1111-222-4444-333.  If your ChannelAdvisor client account has 5 accounts, you will also have 5 AccountKeys.  Without submitting a request to grant someone access to your account, no one can access your data simply by knowing your AccountKey.
DeveloperKey A Developer Key is a unique value that identifies the creator of an application.  It is also in the format of a GUID.  If you are developing an application in-house, you will need to request a DeveloperKey here.  (If you are requesting this to work on your own accounts, make sure you are logged in to the ChannelAdvisor system.  Then enter your accounts.)
If you are requesting a DeveloperKey to create an application for a ChannelAdvisor client, your client will need to grant you access (see Granting access below)
password Each DeveloperKey has a password.  This is a password generated by the API administation system which will be assigned to the DeveloperKey.  It is not the same password that a client would use to log into the ChannelAdvisor Marketplaces Premium web site.
Granting access to your account Granting access to a CA account can be done only by a logged in CA user here: http://ssc.channeladvisor.com/support/grantAPI.php There are generally two cases when this is done:
1.  A Client wants to use an existing integrated application such as TradeBox.  Submitting a request through the above link will allow users  to enter Tradebox as the integration partner.  Based on this request, we will grant the TradeBox DeveloperKey access to the account requested.
2.  If a client adds a new posting account to ChannelAdvisor, this new account will need to be granted the same access as their existing accounts.  In other words access is not inherited from similar accounts.

Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.5.1 Build:#806 May 06, 2007) - Bug/feature request - Contact Administrators