How to create and manage access tokens

Path in CC5: System Settings - Access Control - API access

The access token gives developers or external systems create, read, update and delete access to the system. The token is unique for each API and limited according to the API definitions.

The access token is also necessary for access to the API documentation on Swagger.

Note!
To get access to the Public API, you not only need to create an access token. In addition, you must whitelist the external service and all machines that shall have access to the documentation on Swagger. Read more here.

We recommend creating one access token per integration (e.g. one for Fortnox and one for Salesforce).

  1. Go to System settings - Access control - API access.

  2. Then, click New access token to create a new token for a certain service.

  3. Tick all boxes next to the endpoints that shall be accessible.
    If you tick System registers and Datasources you get additional access to supporting APIs for dropdown lists, custom registeres, etc.

  4. You can also enter an Expiration date for the token. If the token shall not expire, select No expiry date.

  5. Click Save.

Once you have created the token, it is added to the list under System settings - Access control - Api access. You must now give it to your developers. When sending requests to Complete Control via API, the token must then be added to the X-Authentication header, prefixed by Bearer. Here a simple URL example with the token placed at the bottom:

Note!
Create one API per endpoint you want to connect to: If one API shall be used to synchronize persons with an HR system, create one access for this. If you then want to synchronize assets or contracts with another system, create a new access.

You can create as many tokens as you need with no additional costs. Therefore, we recommend creating one token per integration and to included only the endpoints you need for this token.

Example:
Let's say you want to keep your contracts in Complete Control in sync with the contracts in your ERP system. In addition, you want to ensure that Complete Control is updated with the latest employee data from your HR system. In this case, you could create two separate access tokens - each with its own "scope": The ERP access token would get access to contract-related product areas. And the HR access token would get access to person-related product area. As there can be situations where might want to query dropdown list data, etc. it can be smart to also include Datasources and System registers.

You find the token when clicking the Title in the overview list under System settings - Access control - API access.

For existing tokens, you can e.g. change the expiration date or access to endpoints.