Any user who wants to access the API must have logging into SuperWEB2 and viewing the Preferences page).(which is obtained by
By default, all users will be able to obtain an API key from SuperWEB2, but if you do not want all your users to have access to the API you can restrict it so that keys are only available to users who belong to specific SuperADMIN groups.
Restrict Access to API Keys
To restrict API key access, make sure your users are organised into groups, then run the following command in SuperADMIN:
<list_of_group_ids> with a comma separated list of groups that should have access to keys. Users will only be able to obtain an API key if they belong to one of the specified groups.
For example, the following command ensures that keys are only available to users who belong to the
Prevent Any Users from Accessing API Keys
If you do not want any users to be able to access API keys through SuperWEB2, then simply set the
superadmin.apiToken.groups key to any empty array:
Allow All Users to Access API Keys
If you want to allow all users to access API keys, run the following command:
Revoke an API Access Key
The above commands can be used to prevent users from obtaining API keys for their accounts. However, any user who has already obtained an API key will still be able to use that key.
You can invalidate a user's existing key by running the following command in SuperADMIN:
For example, to invalidate the API key currently assigned to the user jsmith, run the following command:
This command invalidates the user's current key, but it does not prevent the user from obtaining a new key in SuperWEB2.
If you want to turn off a user's API access you should use this in conjunction with the command above that restricts which groups can obtain keys in SuperWEB2.