Managing API Accounts and Encryption

This tutorial covers the steps you will need to take to provision API accounts and setup your encryption data.

Step 1: Generate and Configure API Accounts

API accounts allow your applications to interact with SupplierGateway services securely. Here’s how to generate and configure them:

1. Log In to SupplierGateway
2. Navigate to the API Section:
   • Look for "Manage API" under System Settings >> Account Management
3. Create a New API Account:
   • Click the button that says "Create Account"
   • You will be prompted to create a strong password
4. Store the API Account information Securely:
   • Save the API Account Login and Password in a secure location
   • Never share API Logins/Passwords with unauthorized users

Step 2: Enter a Public Key for Encryption

Public keys are used for encrypting your data in a way that only the corresponding private key can decrypt.

1. Generate Public and Private Key Pair:
   • Use a tool like OpenSSL, ssh-keygen, or an online key generation tool.
2. Access the Public Key:
   • After generating the keys, the public_key.pem file will contain the public key.
3. Enter the Public Key:
   • In the SupplierGateway API console click on  the Add Key button and paste your public key.
   • Simply copy the contents of the public_key.pem file and enter it in the provided field.
4. Save the Configuration:
   • Click on Add Key to save your data .

Step 3: Get SupplierGateway’s Public Key

1. Download the SupplierGateway Public Key:
   • Click on the Download SupplierGateway Key button
   • Use a tool notepad to view the text content

Best Practices:

• Change API Accounts periodically to improve security.
• Store API Account information in a secure environment, such as a vault, and ensure minimal exposure.
• Do not share private keys, and use them only where decryption is required.

Now you have successfully set up an API Account and entered your public key which SupplierGateway will use for encrypted API data.