This article is for:
- Org Security Admins
- Org Workspace Admins
- Workspace Owners
To access any Workiva API’s, users will need an API grant for authorization. Once you create an API grant for a user, you’ll be able to edit the grant’s details or delete the grant. However, only the user will be able to view their grant’s secret by regenerating the grant in their user profile.
Create an API grant
To begin creating an API grant:
- In Workspace Settings, go to the Security tab and select Create API Grant.
- Enter the following information for the API grant:
-
- For Client Name, enter a name that will help you identify this grant.
- For Workspace, enter the workspace that this grant will be attributed to.
- For Workiva Username, enter the username of the user who needs the grant for the API. Only this user will be able to view this API grant’s secret in My profile > Security.
Note: For security purposes, if you later change the Workiva Username, the current secret will become invalid, and only the new user will have access to the new secret.
- For Scopes, specify the action(s) the system can take on behalf of the user.
Note: See our Understanding API Grant Scopes discussion to learn more about scopes.
- For Expires, set when the grant should expire, based on your organization's security policies and preferences.
- If necessary, enter a comma-separated list of IP addresses to the IP Allowlist for the grant.
- Click Add Grant to finish.
Manage API grants
You can edit a specific grant’s details or delete the grant by clicking the respective action in the Actions dropdown.
View API grant secret
Only the user who’s specified in the API grant’s details can view their grant’s secret by going to My Profile, selecting the Security tab, then clicking Regenerate in the Actions dropdown next to the grant. The user can only view the secret once, so they’ll need to copy down the secret in a secure place. If they lose the secret, they’ll need to regenerate the secret again.
Note: The secret begins with "wk_secret:"