The API Access Credential settings allow you to create user authentication credentials that delegate user access to the APIs and lead receiver for increased security.
When creating user credentials, a client ID and client secret are assigned by the system and used for authentication in API calls.
How to set up API credentials:
Go to the Settings tab and select API Credentials in the left-hand menu.
Click the New button in the top menu. This will generate a popup window where you will name the user credentials in the description field. The system will generate a unique client ID and client secret for authenticating API calls. Here you can also set the allowed scopes for the credentials: Account API, Data API, and Lead Receiver.
Credentials can be enabled and disabled. However, the allowed scopes can only be set when creating the credentials and are not editable after the initial creation.
You must record the client's secret, as the system will hide this information once the settings are saved and will not be further accessible.
Using API Credentials:
The client ID and client secret are used in the authentication call to the API, which generates an access token. The access token will then be used to authenticate the API calls made to the Data API or Account API. Access tokens are valid for 3600 seconds.
More information on the authentication call can be found in the API documentation: https://api.leadexec.net/#auth_token.
Using Lead Receiver Credentials:
Once you have created credentials in your Settings, you can choose which campaigns require authentication when posting leads to the lead receiver. The Require Authentication setting is located under the General Information tab of your Lead Source Detail; proceed to Campaigns, then Edit. Here you can specify if authentication is required for the campaign.
Note: If authentication is required and an invalid access token is passed, the system will not show that lead on the search screen.