We want to transfer an existing API key from one user to another. How do we do that?
Hi Tom,
Thanks for your message and welcome to our API Forum For security reasons it wouldn’t be possible to move access/refresh tokens between users (this is because you need the user’s explicit permission for your integration to access their account, which is granted when they log in to FreeAgent during the app approval process), although I’m not too sure if I’m understanding your question correctly? If this doesn’t answer your query, would you mind clarifying what you’re trying to achieve?
Best wishes,
Ewa
Thanks Ewa. Is it possible to reduce the access for this user that has left the company so they can’t login to freeagent but the API will still work (I see there are 8 levels of access)? Failing that do I assume we’ll need to create a new API key under one of the remaining users? Much appreciated.
Hi Tom,
At present, the level of API access for a token is equivalent to permissions that the relevant user has in the web app and these two can’t diverge. If the user has left the company and should no longer have access to FreeAgent, then the best course of action would indeed be to generate an access & refresh tokens for another user who’s still active (if this isn’t already built into the UI of your integration, you can follow the instructions here). After updating the tokens, you can set the permissions of the user who left to Level 0, which will prevent them from accessing either the main FreeAgent app as well as the API.
I hope this helps!
Best wishes,
Ewa