Skip to main content

API Tab Configuration


Use this guide to configure the API tab in the Web Admin for each SecureAuth IdP realm. This tab includes options for generating API credentials and enabling / disabling specific API functionality.

SecureAuth APIs use GET and POST / PUT HTTP requests in adherence with RESTful programming best practices. These endpoints enable secure end-user Authentication and Identity Management (IdM) operations within the context of custom software applications. The Login for Endpoints API lets end-users log onWindows / Mac workstations on the network using a valid Multi-Factor Authentication method.

See the following guides for more information and to configure pertinent API endpoints:

  • Authentication API guide

  • Identity Management API guide


Create a New Realm for the target resource on which the configuration settings apply


1. Check Enable API for this realm to enable the use of SecureAuth IdP APIs on this realm


This option acts as a global on / off switch for APIs on the realm, but the specific options in the API Permissions section below must also be checked in order to use Authentication, IdM, and Login for Endpoints APIs


If the Enable API for this realm option is selected but none of the API Permissions options below are checked, then the end-user can only access the dfp and js endpoints (see Authentication API Guide)

2. Under API Credentials click Generate Credentials to generate a unique Application ID and Application Key for the realm

These values are used as a means of communication to the SecureAuth API endpoints and are included in the application headers to make calls to the endpoints

API Permissions



3. Check Enable Authentication API to enable the Authentication API endpoints

4. Enable either Identity Management or Login for Endpoints API configuration options defined below

Identity Management

To configure the Identity Management (IdM) API, enable the option(s) to be used:

  • Check User Management - add / update / retrieve users and their properties to enable to following user management capabilities:

    • Retrieve User Profile

    • Update User Profile

    • Create User

  • Check Administrator-initiated Password Reset to enable admins to send an end-user a new password requested via an application

  • Check User Self-service Password Change to enable end-users to change their own password, which requires the current password before a password change is allowed

  • Check User and Group Association (LDAP) to enable userID and groupID associations to be made within an LDAP directory

    Four association methods are available with this option:

    • Single user to single group

    • Single user to multiple groups

    • Single group to single user

    • Single group to multiple users


    See the Identity Management API guide for more information on configuring Identity Management APIs

Login for Endpoints

To configure the Login for Endpoints API, check Enable Login for Endpoints API and then click Configure Login for Endpoints Installer

Use the Login for Endpoints Installer Configuration page to configure the API endpoint for Windows or Mac workstations on the network which end-users can access via a valid Multi-Factor Authentication method


See Login for Endpoints Configuration Guide for more information on configuring the Login for Endpoints API