Tenant API Gateway Managing API Credentials

This article describes the process of creating and managing Tenant API Credentials, and is intended for partner administrators.

Overview

The Tenant API Gateway allows partners to create and manage API credentials which can be used to access as well as manage any of their Tenant account using APIs. Once Tenant API credentials are created, the partner should be able to use these credentials to Provision, Onboard and Manage their Tenants using publicly available API endpoints available on Mimecast API Portal.

Prerequisites

To create and manage Tenant API credentials, the Partner administrator should have the following roles assigned: Super Administrator, Full Administrator. Please follow the instructions at Protected Content Administrators if a user within your account requires one of these roles..

Creating Partner API Credentials

Follow the steps below to create API credentials that allow partners to call API endpoints on behalf of their tenants.

1. Log in to your NFR account within the Mimecast Administration Console: https://login.mimecast.com/u/login/#/login.
2. Navigate to Multi Account Control | Tenant API Gateway.

3. Click Create API credential.
    

4. Accept Terms and Conditions and fill in API credentials Details.
    

5. Click Save & Generate Keys.
6. Store the Client ID and a Client Secret securely, as it will be used to obtain an access token.

Service Principal Lifecycle Management - Email Security Cloud Gateway Only

A service principal is created automatically upon Partner API Credentials creation and is associated with the created credentials. The service principal can only exist if the application it was created for exists. Deletion or disablement of the application will delete or disable the service principal.
 

Managing Partner API Credentials

View Partner API Credentials

1. Log in to your NFR account within the Mimecast Admin Console: https://login.mimecast.com/u/login/#/login
2. Navigate to Multi Account Control | Tenant API Gateway.

3. Click on the Meatball Options next to any existing API Credentials:

• Users with Multi Account Control | Tenant API Gateway: Read and Edit permissions will enable the user to View, Edit, Delete, as well as Regenerate API Credentials.
• Users with Multi Account Control | Tenant API Gateway: Read permissions will be able to View API Credentials.

Edit Partner API Credentials

1. Click the Meatball Options next to the desired API Credential and Select View/Edit Credentials.
    

2. Modify Details: Update the necessary details in the form provided.
3. Save Changes: Click Save to apply the changes.

Delete Partner API Credentials

1. Click on the Meatball Options next to the desired API credential and select Delete.

2. Confirm Deletion: Confirm the deletion when prompted, to permanently remove the API credential.

Regenerate Partner API Credentials

1. Select the Regenerate Option: Click on the meatball options next to the desired API credential and select Regenerate.

2. Save the New Credentials: Store the new credentials in a safe place as this is the only time these regenerated credentials will be visible.

Troubleshooting API Connection Issues

If you encounter issues connecting to Mimecast APIs, follow these troubleshooting steps:

1. Check API Credentials: Verify that your API credentials are current, and have not expired.
2. Verify Account Permissions: Ensure the account has the appropriate permissions to access the requested resources.
3. Confirm Resource IDs: Make sure you are using the most recent group/resource IDs in your API calls.
4. Review API Logs: Check API logs for specific error messages such as 'Token not valid for user' to identify the root cause.
5. Regenerate API Keys: If persistent issues occur, consider regenerating your API keys following the process outlined above.

Conclusion

This guide has provided an overview on how Mimecast partners can efficiently Provision Partner level API Credentials to manage their customers.