Creative Force offers the flexibility to connect to your desired vendor or platform, even when they dont have an official integration with us. As part of the setup steps for connecting via our Gateway API, you will need to configure a User in Creative Force for us to take actions on behalf of.

When a vendor or third party connects using the External Post Vendor API, the system allows for a client's credentials to be used as a method of authentication as part of the integration. You can read more on getting started with Client Credentials Flow in Creative Force here.

As a best practice, we recommend setting up a new dedicated user account to register the app on behalf of, rather than using an active account or existing user.

This ensures that permissions and client access can be restricted to only those required for the purpose of connection to Creative Force’s Gateway API. From a security standpoint, this practice helps to reduce the risk of potential data leaks.

Below, we’ll cover the recommended approach when setting up an API user account in Creative Force.

First, you’ll need to create a new User Role that you will assign to the Vendor’s user. This Role can be named to your preference; in our example below, we’ve called this role 'API User.'

Next, you’ll determine the access the user assigned to the Role will have. It is recommended that you only allow the permissions necessary for the API integration, which can be found under the Developer API tab of the User Role settings screen.

For specific requirements on Developer API Skills associated with specific Connectors or functions, please see the Developer API Permissions section here.

Once you’ve created the User Role, head to Studio Settings → Users to create the user account for the API Connection.

Under 'User Role,' select the API User Role created earlier.

Once the user has been created, you’ll want to ensure that all Skills are disabled:

Lastly, you’ll need to determine the Workspace access under the User Groups tab. It would be recommended to only enable access for the Workspace this vendor will be working with.

Once the previous steps have been completed, you can register the App on behalf of the API User account.

Under the Developer API section of the user role permissions, the skills are broken down per individual API action. The levels of control are a binary choice between 'None' and 'Access.'

Different Applications (Registered Apps) and their associated Connectors have varying requirements depending on the type of actions they are meant to perform.

The next sections will outline specific requirements for connectors or functions in Creative Force that require an On Behalf User.

An example of a function that might require an On Behalf User of this type would be setting up an External Post-Production Vendor with the Gateway API Method. For more information on that process, please see our dedicated setup article here.

The API user will need 'Access' access for the following permissions: