Approving Requests for Access Token Management
When a user submits an access token request that requires approval, CentraSite initiates an approval workflow and submits the user’s request to both the API provider and the designated group of approvers.
Approvers receive the approval requests in the API details page in CentraSite Business UI. Approvers whose user account includes a valid email address also receive an email message informing them that a request is awaiting their approval.
CentraSite does not process an access token request until it obtains the necessary approvals. If an approver rejects the request, CentraSite notifies the requestor and does not process the request any further.
The following requests for access token management can trigger an approval workflow:
Generating an API Key / OAuth Token
Renewing an API Key / OAuth Token
Revoking an API Key / OAuth Token
Note: For CentraSite to issue email messages, an administrator must first configure CentraSite's email server settings. For procedures, see the CentraSite Administrator’s Guide.
Points to consider when approving or rejecting an access token request for consumption:
If the user who makes an access token request is also an authorized approver for the action, the request is auto-approved. (In other words, the requestor's approval is granted implicitly.)
If an API provider has configured the Require Approval option in the API consumption settings for "Anyone" approval mode, only one user in the group is required to approve or reject the request. This is the default mode. For more information, see Configuring the API Consumption Settings.
If an API provider has configured the "All" approval mode, the request must be approved by all users in the approver group (it does not matter in which order the approvals are obtained). A rejection by any approver in the group will cause the request to be rejected.
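The rules above can be modelled as a small decision function, which also makes the self-approval case easy to pick out for review. This is an added example, not CentraSite code: the function names, field names and sample requests are assumptions, and the auto-approval rule is applied literally as stated, regardless of approval mode.

```python
from enum import Enum

class State(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"

def evaluate(requestor, approvers, mode, decisions):
    """Return (State, auto_approved) for one access token request.

    decisions is the ordered list of (user, "approve" | "reject") votes.
    """
    if mode not in ("Anyone", "All"):
        raise ValueError(f"unknown approval mode: {mode!r}")
    # A requestor who is also an authorized approver is approved implicitly.
    if requestor in approvers:
        return State.APPROVED, True
    approved = set()
    for user, verdict in decisions:
        if user not in approvers:
            continue  # assumption: votes from outside the group are ignored
        if verdict not in ("approve", "reject"):
            raise ValueError(f"unknown verdict: {verdict!r}")
        if verdict == "reject":
            return State.REJECTED, False  # a single rejection ends either mode
        approved.add(user)
        if mode == "Anyone" or approved == set(approvers):
            return State.APPROVED, False
    return State.PENDING, False

def audit(requests, approvers):
    """Return ({id: State}, [ids approved with no second person involved])."""
    states, self_approved = {}, []
    for r in requests:
        state, auto = evaluate(r["requestor"], approvers, r["mode"], r["decisions"])
        states[r["id"]] = state
        if auto:
            self_approved.append(r["id"])
    return states, self_approved

# Constructed sample data; user names and request ids are hypothetical.
APPROVERS = {"bob", "carol"}
SAMPLE = [
    {"id": "req-1", "requestor": "alice", "mode": "Anyone", "decisions": [("bob", "approve")]},
    {"id": "req-2", "requestor": "bob", "mode": "All", "decisions": []},
    {"id": "req-3", "requestor": "alice", "mode": "All", "decisions": [("bob", "approve"), ("carol", "reject")]},
    {"id": "req-4", "requestor": "alice", "mode": "All", "decisions": [("bob", "approve")]},
]

if __name__ == "__main__":
    print(audit(SAMPLE, APPROVERS))
```

Because the Pending Approval Requests dialog also lists auto-approved requests, the entries flagged here are the ones a second reviewer would look at first.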
To view and approve access token requests
1. In CentraSite Business UI, display the details page for the API whose access token request you want to review and approve. If you need procedures for this step, see Viewing Details for an API.
2. To review and approve the access token requests for an API, click the Pending Approval Requests icon that is displayed in the description area of the Basic Information profile, for example, N (number of pending approvals). If there are no pending approval requests for the API, then this icon is displayed as 0.
3. Click the hyperlinked number N to open the Pending Approval Requests dialog. This dialog contains a list of requests that have been submitted for that particular API, including requests that were auto-approved.
4. Choose the access token request that you want to review and approve by clicking the hyperlinked request name. This opens the Access Token Request dialog.
This dialog displays the following information:
Field | Description |
Requestor | The consumer who triggered the access token request. |
Request Date | The date and time the access token request was triggered. |
Application Name | The name of the application for which the access token request was triggered. |
Application Description | Descriptive information about the access token request triggered for the specified application. |
5. In the Comment from the Approver text box, type a comment about the Approve/Reject action that you execute on the access token request.
For example, "Request rejected. Add required specifications to this asset and resubmit".
6. Click the Accept or Reject button as appropriate to approve or reject the access token request.