Create Access Key

This process is required to create the first access key for an administrative user on a tenant and to gain access to CXone APIs. Once the first access key is created, it can be used to request an access token via API.This access key method will be the required API access method in the future. NICE inContact intends to deprecate previous API access APIs.

You must use area specific domains and developers should know the domains that apply to them before beginning this process. Contact your Technical Account Manager or Technical Account management team with domain questions. Current domains are:

  • na1
  • au1
  • eu1

Examples in this guide use the na1 area domain.

NOTE:Developers should not tether integrations to the following process.

An administrative user with credentials to https://auth.nice-incontact.com is required to complete this process. This user must have a role with permissions enabled for access key management. There are two access key-related privileges:

  • My Access Key-allows the user to manage access keys for that user’s own account, including permissions to view, create, edit, and delete
  • Access Key-allows the user to manage access keys for others, including permissions to view, create, edit, and delete
  • Log in to CXone with an appropriately-permissioned administrator account.
  • Click the drop-down icon beside your user name to display the user menu.

  • Select Support-Downloads.
  • On the Downloads page, click Generate Key.

  • Log in using the same user credentials and then click Generate.

At this point, the window will display a basic authorization token with a Copy to Clipboard button:

This token must be refreshed before it can make API calls. You can use code or a RESTful API tool like RESTlet or Postman to invoike the API methods.

To refresh the basic authentication token, you must invoke the token refresh API endpoint:

https://na1.nice-incontact.com/public/user/refresh

This will generate a bearer token and a refresh token.

Your POST request should contain:

  • Header: Content-Type: application/json
  • Body: “token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…” (that is, the basic authentication token from the Generate Key in CXone task.

This request will generate the following:

   { 
    Response: 200 success
    Body: {    
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9….”
        "tokenExpirationTimeSec": 3600,
        "refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…. ",
        "refreshTokenExpirationTimeSec": 0,
        "sessionId": null
        }
    }

With the bearer token, you can create an access key using this endpoint:

https://na1.nice-incontact.com/access-key-management/v1/access-keys.

Your POST request should contain:

  • Header: Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9…. (the bearer token is the "token" shown in the response to the refresh request).
  • Content-Type: application/json
  • Body: {“userId”: “string” “tenantId”: “string”}

Note:You can find the GUID for userID and tenantID by pasting the token into jwt.io.

This request will generate the following:

 201 Response:
 Body: 
 {
 "accessKey" :
 { 
  "accessKeyId" : "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "accessKeySecret" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "userId" : "1xxxxxxxxxxxxxxxxxxxx”,
  "tenantId" : "xxxxxxxxxxxxxxxxxxxx",
  "isActive" : true
 }
 }

To generate a token using the “accessKeyId” and “accessKeySecret” obtained in the previous task, invoke this endpoint:

https://na1.nice-incontact.com/authentication/v1/token/access-key

Your POST request should contain:

  • Header: Content-Type: application/json
  • Body: {"accessKeyId":"" "accessKeySecret":""}

This request will generate the following:

 Response Body: {
"access_token": "string",
"token_type":"string",
"expires_in": "long",
"refresh_token": "string",
"refresh_token_expires_in": "long",
"id_token":"same as access token"
}

From this point the ACD APIs methods listed on https://developer.niceincontact.com/API are available to invoke with the access token provided in the response. The remaining access key management APIs to update, delete or return a list of access keys will be documented on the developer portal.