Applications using "Password Authentication" into Tanda accounts will require an access token to connect to your account via our API.
You can easily create these along with the required scopes to allow access to your data.
Access tokens generated using Password authentication never expire, but can be revoked from the API management page.
Note: Tokens will expire when the Admin profile that created them is deactivated. It is suggested for large orgainsations that a policy be in place around this to ensure integration continuity. Some organsations will maintain a generic Tanda Admin profile to handle the token creations to avoid issues when users leave your business - please consider how you might manage this for your circumstances when setting up tokens.
For more information on Tanda's API head to our documentation found here:
When logged into Tanda as an admin navigate to the below URL to access your accounts developer portal:
Click the "New Token" in the top right.
It is recommended to give the token you are creating a "label" so it is easily identified in the future in terms of which integration it relates to in the future.
Select the "scopes" that you want to provide to the 3rd party system - this dictates what data in Tanda the other system will be able to read and edit via the API.
If in doubt about this confer with the help guides or direct advice from the other system.
Once you have selected the scopes you want to allow, click "Save Token".
Sharing Token IDs
When you click "Save Token" you will be shown a confirmation screen that provides a Token ID (see below). Do not navigate away from this page immediately, the token ID will only be shown once (for sceurity purposes),
Copy this Token ID somewhere safe on your computer; you will need to provide this ID to your 3rd party system as they will use this to authenticate their API requests to access your Tanda data.
Consider sharing it via secure means - it provides access to your data in a similar way as sharing your user name and password would.
Once created tokens will be listed on the My Tokens page of the Developer Portal. The listing shows what scopes you provided when creating the token.
In the circumstance of needing to revoke access to a 3rd party application you can delete tokens from here.
If you need to alter the level of access you are providing to an application via a token you would need to delete and create a new one with the scopes you would like.