2. Determine your API Authentication Settings
Authentication Method
Customers can choose to use either a Client Key/Secret, provided on each request, or use the Client Key/Secret to request a JWT Bearer Token and use the bearer token for subsequent requests.
Either option, or a combination of both, can be enabled from the Contract Eagle UI.
- The JWT Bearer Token expires after 60 minutes and must be refreshed with a request for a new token.
- Customers wishing to integrate via Zapier must enable the Client Key/Secret option.
Auto-Disable Settings
The API can be configured to automatically disable access after a specified number of invalid login attempts within a time period. Once disabled, a notification is sent to a system notification email address that you specify, and the API must be manually re-activated via the Contract Eagle UI.
Each customer can set these values for access to their API.
IP Access Restrictions
The API can be configured to only allow access to specified IP address range(s), provided in CIDR notation. These can be specified as either IPv4 or IPv6.
If a request comes from an IP address outside the specified range(s), the following error will be displayed, indicating the source IP address that failed.
{
"code": "AR001",
"message": "Invalid address range [123.123.123.123]"
}
Clearing the IP restrictions will allow access to the API from any IP address.
If your IP address is hidden, the IP restrictions will need to be cleared to allow access, or they can be set to the Contract Eagle proxy server address.
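The following added example (not Contract Eagle code) models the allow-list behaviour described above so that CIDR entries can be sanity-checked locally before they are entered in the UI. The function names, the "overly broad" thresholds and the handling of IPv4-mapped IPv6 addresses are assumptions; the sample ranges are constructed from documentation address space.

```python
import ipaddress

# Constructed sample allow list (documentation ranges, not real customer values).
SAMPLE_ALLOW_LIST = ["203.0.113.0/24", "2001:db8:abcd::/48"]

def parse_allow_list(cidrs):
    """Parse CIDR strings into network objects.

    strict=True raises ValueError for entries with host bits set
    (e.g. 203.0.113.5/24), which usually indicates a typo.
    """
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]

def broad_entries(networks, min_v4_prefix=16, min_v6_prefix=32):
    """Return entries wider than the given prefixes (thresholds are assumptions)."""
    limits = {4: min_v4_prefix, 6: min_v6_prefix}
    return [str(n) for n in networks if n.prefixlen < limits[n.version]]

def check_source(source_ip, networks):
    """Return None if the address is allowed, else an AR001-shaped error dict."""
    addr = ipaddress.ip_address(source_ip)
    # Assumption: an IPv4-mapped IPv6 address is compared as its IPv4 form.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not networks:
        return None  # cleared restrictions: any address is allowed
    if any(addr.version == n.version and addr in n for n in networks):
        return None
    return {"code": "AR001", "message": f"Invalid address range [{source_ip}]"}

if __name__ == "__main__":
    nets = parse_allow_list(SAMPLE_ALLOW_LIST)
    for ip in ["203.0.113.77", "198.51.100.9", "2001:db8:abcd:12::1", "::ffff:203.0.113.77"]:
        print(ip, "->", check_source(ip, nets) or "allowed")
    print("overly broad:", broad_entries(parse_allow_list(["0.0.0.0/0", "203.0.113.0/24"])))
```

Running `broad_entries` over a proposed list before saving it highlights ranges that would make the IP restriction close to meaningless.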
IP Address Guide Conversion Tool
Specifying allowed IP addresses may not be feasible for clients using third-party products (e.g. Power Automate, Zapier, Power BI), where a range of IP addresses can be used and/or change frequently.