Follow
Managing API Keys for the Workfront System

**DON'T DELETE, DRAFT OR HIDE THIS ARTICLE. IT IS LINKED TO THE PRODUCT, THROUGH THE CONTEXT SENSITIVE HELP LINKS. **

In order to minimize API security vulnerabilities, system administrators can manage the API keys used to enable applications to access Workfront on behalf of a user.

You can reset or remove your current administrator API key, configure API keys to expire, and remove the API keys for all users.

Examples of applications that leverage the Workfront API are:

  • Document integrations such as Dropbox, Google Drive, and Workfront DAM

  • Workfront mobile applications

IMPORTANT: When resetting or removing an API key, any application that leverages the Workfront API and authenticates to Workfront via this API key must be re-configured in order to regain access to Workfront.

Understanding Workfront API Keys

Each user in Workfront has a unique API key. This key is generated on a per-user basis at the time the user accesses an integration that leverages the Workfront API (such as the Workfront mobile app or a document integration).

Workfront system administrators also have a unique API key. When an application uses an administrator API key to access Workfront, the application has administrator access to Workfront.

Resetting or Removing Your Administrator API Key

You can reset the API key for your administrator user account. 

  1. Click Setup in the upper-right corner of the Workfront interface.


     
  2. Expand System, then click Customer Info.


     
  3. To reset the API key: In the API Key Settings area, in the Your User's API Key section, click Reset, then Reset.

    Or

    To remove the API key: In the API Key Settings area, in the Your User's API Key section, click Remove, then Remove.

​Configuring When API Keys Expire

You can configure API keys to expire for all users in your system. When the API key of a user expires, the user must re-authenticate to any applications that use the Workfront API to access Workfront. You can change the frequency with which the API keys expire. You can also configure whether API keys expire when the password of a user expires.

  1. Navigate to the Setup area of the Global Navigation Bar.
  2. Expand System, then click Customer Info.
     
  3. In the API Key Settings area, in the After creation, API keys expire in drop-down list, select the timeframe when you want the API keys to expire.
    When you change this option, the new timeframe begins from the time that you made the change. For example, if you change this option from 1 month to 6 months, the API keys expire 6 months from the time you make the change.
    By default, API keys expire each month.
  4. To configure API keys to expire at the time the users' passwords expire, select Remove API key when a user's password expires.
    By default, this option is not selected.
    For information about how to configure user passwords to expire, see "Configuring System Security Preferences." 
  5. Click Save.

Removing the API Keys for All Users

If you are concerned about a particular security breach regarding your Workfront system, you can remove the API key simultaneously for all users.

  1. Click Setup in the upper-right corner of the Workfront interface.


     
  2. Expand System, then click Customer Info.


     
  3. In the API Key Settings area, click Remove all API keys, then click Remove All.

Securing Outgoing API Calls with an X.509 Certificate

You can leverage the Workfront API to communicate with third-party applications. To increase the security of your Workfront site, you can configure Workfront to allow only trusted third-party applications to integrate with Workfront by uploading an X.509 certificate to Workfront. 

Obtaining the X.509 Certificate

Obtain a valid X.509 certificate from a trusted Certificate Authority (such as Verisign), and place it in a temporary location on your workstation. 

Uploading the Certificate to Workfront

After you have obtained the X.509 certificate from your Certificate Authority, you need to upload it to Workfront.

  1. Click Setup in the upper-right corner of the Workfront interface.


     
  2. Expand System, then click Customer Info.
  3. In the API Key Settings area, select Enable X.509 Certificate.
  4. On your workstation, browse to and select the X.509 certificate that you previously downloaded.
  5. (Optional) Click View Details next to the certificate name to view the following details about the certificate:
    • Subject Common Name
    • Subject Organization
    • Subject Organization Unit
    • Issuer Common Name
    • Issuer Organization
    • Issuer Organization Unit
    • Serial Number
    • Issue Date
    • Expiration Date
  6. Click Save