Maintaining Web Service Users

Use the Web Service User form to maintain information about PrismHR Web Service Users, which are used when accessing the API. You can set up user profiles, grant or deny access to different companies or IP addresses, and review pending updates for web service users.

Actions menu

The Actions menu on the Web Service Users form contains the following options:

Audit – see Viewing the Audit Log
Pending Approval Emails – specify the email addresses to receive notifications about pending web service user updates. See Setting up Approval Emails for Pending Updates to Web Service Users.

More resources

This article provides an overview of web service user setup options. See the following topics for more details about web service user security, best practices, and guides for working with the PrismHR API.

Web Service User Security
Option-Level Access Control
Allowed Methods for Web Service Users
Getting Started with the PrismHR API
Updating Web Service User Permissions

Maintaining web service user information

To maintain web service users, do the following:

1. Complete the following fields as needed:

Field

Description
User ID

Enter or select the ID for the user profile.

Note:  If this is a Marketplace Integration user, enable that field to display a second field where you can select the marketplace vendor's description:

If this is a new user, the vendor's name populates in the User ID field.
If the user record already exists but the Marketplace Integration field is not enabled, you can enable that field and select a vendor's description, which does not overwrite the existing User ID.

After saving this update, you cannot change the User ID, the Marketplace Integration field, or the vendor description field.

Note:  After the User ID is entered, additional options display on the form if there are pending changes to the web service user's permissions. For more information about our automation process used by some marketplace partners, see Updating Web Service User Permissions in the API documentation.
User Name Name of the user.
Password Password for the web service user (required for obtaining an API session token).
Account Disabled Select this field to deactivate the web service user account.

Minimum API Version

Select a supported API version from the list. The system will restrict the user from accessing versions prior to the selected one.
Company Access

Defines the companies that users can access. Options are:

  • Grant Access by Default, Deny Access to Specified — The user has access to all companies by default. To restrict access to certain companies, enter the user IDs of those companies.
  • Deny Access by Default, Grant Access to Only Specified Companies — The user can only access the companies listed.

Note:  By default, web service users can see only active companies. With some API methods, they can also see inactive companies. Companies with other statuses (pending, pre-terminated, and terminated) are not available.
Company ID (Optional) Enter one or more Company IDs. A Company Name displays for each ID. The Company Access setting determines whether the user is restricted from seeing the specified companies, or only has access to the specified companies.
Contact Information For example, the user's phone number or email address.
Disable IP Restrictions

Select this field to disable the IP restriction feature.

Note:  This is not recommended for use except by Development.
Allowed IPs

Allows specific IP addresses to access the web service engine with the user's credentials.

To specify a range of IP addresses, use a hyphen. For example: 123.456.789.100-123.456.789.200.

Note:  The IP address range feature applies to API versions 1.23 and above.

This example would grant access to all IP addresses falling between 123.456.789.100 and 123.456.789.200, inclusive.
Disable Method Restrictions

Select this field to disable method restrictions.

Note:  This is not recommended for use except by Development.
Allowed Methods

Use this grid to grant the web service user access to only certain endpoints of the PrismHR API. For example, if you created a web service user for a time clock vendor, you might want to restrict that user's access to only methods that return time clock-specific data.

When setting up allowed methods, you can use an asterisk (*) to grant access to all methods in a particular service. For example, ClientMasterService.* grants the web service user access to all Client Master Service methods. You cannot use an asterisk to grant access to SystemService methods.

Note:  Leave the Allowed From and Allowed To fields blank if there is no time of day restriction for the method. All times are Central Time.

  • Allowed Method — Specify each method that the web service user is allowed to call. See Allowed Methods for Web Service Users for a list of the methods and brief descriptions of the data that they allow the web service users to access. For detailed information about the returned data, see the PrismHR API docs.
  • Allowed From — Time of day when a method can be called.
  • Allowed To — Ending time of day when a method can be called. If there is a time in the Allowed From field, but no value in the Allowed To field, the system defaults to midnight.

Any changes made here will be applied the next time the user logs into the system. If the user is currently logged in, access does not change.

2. Click Save.

Parent Topic

Maintaining System Parameters