Service Accounts
To access the MyDataHelps API, you don’t use your usual username and password. Instead you create a service account dedicated to the application that will be accessing the API.
Understanding Public Key Authentication
Your service account does not have a password, but instead uses public key authentication. Public key authentication is a highly secure method for authenticating automated applications. It works like this:
- You create a key pair containing one public key and one private key. You can do this within MyDataHelps itself (explained in Creating a Service Account below), or use an external application.
- You assign the public key to your MyDataHelps service account. The private key is not stored by MyDataHelps, and is known only by your application.
- When your application requests access to a MyDataHelps resource, you use your private key to sign your request. MyDataHelps then uses your public key to verify your signature and authorize your application. For more information, see Authentication.
Warning
Guard your private keys carefully. With your private key, anyone could access, manipulate, and even delete your project’s data. Inventory your private keys, change them regularly (as you would a password), and never embed them within source code or disclose them.
Creating a Service Account
To create a service account for your application:
- Open the “Settings” screen.
- Select “Service Accounts.”
- Enter a name for the account and click “Add Service Account.”
Note
The full service account name consists of the name you provided plus a unique identifier based on your organization. For example, if you provided the name “myapp”, the full service account name would be something like: MyDataHelps.12345.myapp. If you have multiple applications utilizing the API, it is good practice to create a separate service account for each.
Adding Keys to a Service Account
To use a service account, you need to have one or more public keys associated with it. To add a key to your service account:
- Open the “Settings” screen.
- Select “Service Accounts.”
- Click “Add New Key” next to the service account you want to associate the key with.
- You may paste in an existing public key (in RSA_X509_PEM format) if you have one. If you don’t, just click “Add Key” and a public/private key pair will be generated for you automatically.
Note
Be sure to save the private key somewhere safe. MyDataHelps does not store the private key for security reasons, and it cannot be retrieved once you close the window.
Managing Service Accounts
To view and manage your service accounts:
- Open the “Settings” screen.
- Select “Service Accounts.”
From this screen, you can delete a service account, delete a public key, or add a new public key.
Tip
It is recommended that you periodically add a new public key and remove the old one to rotate the key as you would a password.
To delete a service account entirely, click the big red trash can icon at the far right.
To delete a public key associated with the account, click the smaller trash can icon next to each key.
To add a new public key to the account, see Adding Keys to a Service Account.