Managing API clients

Third-party systems can be integrated with Acronis Cyber Cloud by using its application programming interfaces (APIs). Access to these APIs is enabled via API clients, an integral part of the OAuth 2.0 authorization framework of the platform.

What is an API client?

An API client is a special platform account intended to represent a third-party system that needs to authenticate and be authorized to access data in the APIs of the platform and its services.

The client's access is limited to a tenant, where an administrator creates the client, and its sub-tenants.

When being created, the client inherits the service roles of the administrator account and these roles cannot be changed later. Changing roles of the administrator account or disabling it does not affect the client.

The client credentials consist of the unique identifier (ID) and secret value. The credentials do not expire and cannot be used to log in to the management portal or any service console. The secret value can be reset.

It is not possible to enable two-factor authentication for the client.

Typical integration procedure

  1. An administrator creates an API client in a tenant that a third-party system will manage.

  2. The administrator enables the OAuth 2.0 client credentials flow in the third-party system.

    According to this flow, before accessing the tenant and its services via the API, the system should first send the credentials of the created client to the platform by using the authorization API. The platform generates and sends back a security token, the unique cryptic string assigned to this specific client. Then, the system must add this token to all API requests.

    A security token eliminates the need for passing the client credentials with API requests. For additional security, the token expires in two hours. After this time, all API requests with the expired token will fail and the system will need to request a new token from the platform.

For more information about using the authorization and platform APIs, refer to the developer's guide at https://developer.acronis.com/doc/account-management/v2/guide/index.