I'm building out integrations to my tech stack and a few of these companies want to connect via API users. So far I've created separate users and named them based on what part of the tech stack they relate to (ex: DOMO API user, Influitive API user, etc).
I have more integrations coming up and it seems like they all work the same way. In my CRM, we use 1 API user that connects to many different integrations but that was originally due to pricing per user. In Marketo I can have lots of users without additional pricing. I was trying to keep these separate for auditing, but is it OK to just use 1 API user and connect to different technologies rather than 1 user per technology?
Always use dedicated API users. This is the only way you can audit & remove access.
How do you come up with other email addresses when IT doesn't want to deploy more? So far I've been using my old emails (since API users can't log in, it's secure after I leave), but now Gmail and Yahoo, etc. require phone numbers with new accounts. I just want a few throwaway ones...
You can use Gmail submailboxes, e.g. czuniga+domo@gmail.com, czuniga+influitive@gmail.com.
Sanford Whiteman you always know the answer! Thank you
Sanford Whiteman, is there any way to actually audit API users?
I've been advised by Marketo Support that they have no way of tracking actions made by API users.
From Marketo Support:
We cannot tell what an API call did without the body of the call, so no, there isn't a way to query for the activity log. We can tell when an API user had a call but we can't tell what data value changes occur from that user.
With only Marketo, you won't get the HTTP-request-level audit trail. I use an API gateway, like Amazon's AWS APIGW, to capture those logs... an upside to Marketo's low daily call limit is that you can pass all calls through a gateway for pennies a month. The gw will give you call-level logs (when enabled) and also lets you set different daily limits per API user, a critical feature when API users can't control themselves.
That is a nifty trick! I'll definitely explore. I've had issues with some of our integrations in the past, and it would be hugely beneficial to get access to the call information.
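The gateway approach from the reply above, as an added example that is not part of the original thread: a per-API-user audit built from call-level gateway logs, which only works because each integration has its own dedicated user. The log field names, the user names `domo-api`, `influitive-api` and `shared-api`, and the daily limits are assumptions made for illustration, and the log lines are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample: JSON access-log lines from a gateway placed in front of
# the Marketo REST API. Field names are assumed, not a real gateway schema.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:01Z","api_user":"domo-api","method":"GET","path":"/rest/v1/leads.json","status":200}
{"ts":"2024-05-01T09:05:10Z","api_user":"domo-api","method":"GET","path":"/rest/v1/leads.json","status":200}
{"ts":"2024-05-01T10:00:00Z","api_user":"influitive-api","method":"POST","path":"/rest/v1/leads.json","status":200}
{"ts":"2024-05-01T10:00:02Z","api_user":"influitive-api","method":"POST","path":"/rest/v1/leads.json","status":200}
{"ts":"2024-05-01T10:00:03Z","api_user":"influitive-api","method":"POST","path":"/rest/v1/leads.json","status":429}
{"ts":"2024-05-01T11:30:00Z","api_user":"shared-api","method":"POST","path":"/rest/v1/leads.json","status":200}
truncated-line-not-json
"""

# Hypothetical per-user daily call limits (the gateway would enforce these).
DAILY_LIMITS = {"domo-api": 3, "influitive-api": 2}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def audit(log_text, limits):
    """Summarise calls per (day, API user) and flag users over their limit."""
    report = defaultdict(lambda: {"calls": 0, "writes": Counter(), "errors": 0})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines rather than abort the audit
        entry = report[(rec["ts"][:10], rec.get("api_user", "unknown"))]
        entry["calls"] += 1
        if rec["method"] in WRITE_METHODS:
            # Writes are what a per-user audit trail most needs to attribute.
            entry["writes"][f'{rec["method"]} {rec["path"]}'] += 1
        if rec["status"] >= 400:
            entry["errors"] += 1
    for (_day, user), entry in report.items():
        # A user with no configured limit is treated as unapproved and flagged.
        entry["over_limit"] = entry["calls"] > limits.get(user, 0)
    return dict(report)


if __name__ == "__main__":
    for (day, user), e in sorted(audit(SAMPLE_LOG, DAILY_LIMITS).items()):
        print(day, user, e["calls"], dict(e["writes"]), e["errors"], e["over_limit"])
```

With a single shared API user, every row in this report would collapse into one identity and the write counts could not be attributed to a specific integration.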