Application passwords and API credentials are automatically-generated secure passwords designed to grant access to DF Studio for a single purpose. Any DF Studio user can create unlimited application passwords, while only DF Studio users with admin permissions can create API credentials.
An application password pairs with a user’s existing login username to provide authentication for that user when accessing DF Studio through plug-ins and other tools that don't support single sign-on (SSO) access. Even DF Studio users who do not authenticate using SSO may find application passwords preferable for use with plug-ins or other external applications. They represent a secure and constrained method for accessing an account, since an application password can be revoked without making changes to the user account from which it was created.
API credentials are specifically designed for authenticating with the DF Studio API, and have a unique username since they are not associated with a particular user account.
Neither API credentials nor application passwords can be used to log in to DF Studio via the web browser.
Access and Permissions
Application passwords are connected with the user account from which they were created, and thus are bound by the same permissions as the user account. (See Control Access With Permissions Settings for more information about how permissions control access to DF Studio assets and features.) The History Inspector will display the user’s name for any actions performed using the application password, the same as the user’s regular authentication method.
API credentials are not linked to any user account, and therefore have no permissions restrictions. DF Studio’s Asset History will reference the name of the API credentials in connection with any actions performed through the API.
Create an Application Password
Any DF Studio user can create application passwords for use with their existing username. Visit the Settings screen in DF Studio and click “Application Passwords” in the User Settings area.
In the right column of the Contact Info and Passwords page, any current application passwords will be listed. Click “Create a New Application Password” to add another.
In the Application Password overlay, provide a name for the new application password. This name serves only to make the password recognizable in the application passwords list; it is never displayed elsewhere. Click the “Generate” button to continue.
The overlay will update to display the application password. This will only be displayed once, so it should be immediately copied and pasted into the plug-in or application for which it will be used.
After closing this window, there will be no way to recover this password. If the password is lost or forgotten, it must be revoked and a new one must be created.
Once the new application password has been copied and correctly stored, click the “Okay” button to dismiss the overlay. A confirmation will be sent to the email address on file for the user creating the application password.
For security reasons, the names of application passwords must be unique across all users on the account. If the Application Password overlay displays an error asking for a different name, consider a more unique name. For example, include the account username in the name of the new application password.
Revoke an Application Password
Revoking an application password will immediately invalidate it for all uses, without changing the user’s account password or affecting any other application passwords. Load the application password listing by navigating to the DF Studio Settings page and clicking “Application Passwords” as described above.
From the listing, identify the application password to be revoked by its name or date of creation, then click the “delete” icon to revoke it.
Click the “Delete” button in the confirmation overlay to complete the process. The application password will be removed from the list.
Manage Application Passwords of Another User
Account administrators can view and revoke application passwords for any user on the DF Studio account. View the user’s account information by visiting the Settings page and clicking “Users and Teams” from the bottom half of the left column.
Access any user’s account information by clicking the name of a user, or the “Edit” button next to the user’s account in the listing.
In the right-hand column of the Edit User page, the Application Passwords section will list any active application passwords on that user’s account. If necessary, click the “delete” icon alongside an application password to revoke it and invalidate it immediately.
Click the “Delete” button in the confirmation overlay to complete the process.
Create API Credentials
DF Studio users with admin access can create API credentials for use with the account. These consist of a unique username and password that are specifically created for accessing the DF Studio API. Visit the DF Studio Settings screen and click “API Credentials” to review existing API credentials on the account.
This page lists all API credentials currently active on the DF Studio account. Click “Create New API Credentials” to add another username and password.
In the API Credentials overlay, enter a name for the API Credentials. This name helps identify their intended use (for example, the name of the external application that will be accessing the DF Studio API) and will be displayed in DF Studio’s Asset History as the “user” responsible for any actions conducted using the credentials. Click the “Generate” button to create the API credentials.
Each set of API credentials must have a unique name. Avoid entering a name that is already in use on the account.
The overlay will display the username and password for the new API credentials. While the username will be displayed in the API credentials listing, this password will only be displayed once, and should be copied and immediately encrypted and stored within the external code base that will be using the API credentials. It should never be stored in plaintext under any circumstances.
After closing this window, there will be no way to recover this password. If the password is lost or forgotten, the API credentials must be revoked and new ones must be created.
Once the new application password has been copied and correctly stored, click the “Okay” button to dismiss the overlay. The name and username for the new API credentials will be added to the listing, and a confirmation email will be sent to all admin users on the DF Studio account.
Revoke API Credentials
Any DF Studio with admin access can revoke a set of API credentials at any time. This will immediately invalidate the credentials for access to the DF Studio API. View the API credentials listing by navigating to the DF Studio Settings page and clicking “API Credentials” as described above.
From the list, identify the API credentials to be revoked by their name, username, or date of creation, then click the “delete” icon to revoke.
Click the “Delete” button in the confirmation overlay to complete the process. The API credentials will be removed from the list.
DF Studio users with the “Asset API Access” permission granted can connect to the DF Studio API using their typical login username and password. This legacy authentication pathway does not interact with the API credentials feature, but users are strongly encouraged to migrate from the use of API users to the more secure and controllable API credentials method, then disable the Asset API Access permission.
When authenticating to the DF Studio API via an API user account, please be familiar with best practices to Secure an API User.
Users who authenticate to DF Studio using single sign-on (SSO) will need to establish an API password in order to connect as API users. (If feasible, using API credentials to connect to the API would be recommended instead.)
To establish or change an API password for an SSO user, visit the DF Studio Settings page, then click “Application Passwords” to access passwords. At the bottom of the right column of the page, enter a new API password—or, if an API password already exists, type the current password and confirm the new password twice to change it.