Authentication and Authorization
The Percipio API is protected by Service Accounts. A service account is a dedicated entity in Percipio used for authenticating API calls. It contains a bearer token that is used for authorization of Percipio REST API requests.
A service account is similar in concept to a user account in these ways:
- It lives within an organization.
- It has a secret security credential attached to it.
Your organization can have a number of service accounts. Each account can be granted permission to access only the required Percipio APIs, and each has its own unique bearer token. Service accounts may be configured with an expiration date and can also be deactivated as needed.
As a best practice, each system you integrate with should use its' own service account. This way, if that system is removed from your learning ecosystem, you don’t have to worry about lingering access. Similarly, if you contract with a third-party to implement an integration, it's recommended to provide them with a temporary service account.