API Access Control Management
[Administrator Settings] > [API Access Control Management]
The API access control management feature of the SHIELDEX File allows administrators to set access permissions by channel and business unit, and supports the ability to check and manage API call history.
Administrators can refine API access permissions based on channels and task codes, and can issue API keys for each permission or view request logs.
⚠️ The 'API Access Control Management' setting permission is granted to [Administrator Type - System Administrator], and
Administrator permission settings can be configured in [Administrator Settings] > [Account and Permission Management].
▷ Code Registration
The foundation of API access control채널 코드, 업무 코드registers.
Add Channel
+ 채널 추가Enter the following items when the button is clicked.
| item | Description |
|---|---|
| Channel Code | Unique identifier code (e.g., FRD, OPS, etc.) |
| Channel Name | Description or name of the channel code |
When a channel is deleted, all related access settings and logs are deleted and cannot be recovered.
Add Task
+ 업무 추가Enter the following items when the button is clicked.
| item | Description |
|---|---|
| Work Code | Classification Work Code |
| Work Name | Description of the code (e.g., file import, vaccine integration, etc.) |
Removal Guide
- You cannot delete it if there are associated access control settings.
- When deletion is confirmed, all associated data will be deleted along with it and cannot be recovered.
▷ Access Control Settings
Designate an administrator to grant API access permissions for registered channels/work codes, and issue and manage the API Key.
Access Control Registration
+ 접근 제어 등록Set the following items when the button is clicked.
| item | Description |
|---|---|
| Channel Code | Selectable Registered Channel Code |
| Work Code | Selectable Registered Task Codes |
| Channel Manager | Admin account granted API access permissions |
- Once the registration is complete, the API Key will be automatically generated and displayed in the list.
Display Item
| item | Description |
|---|---|
| Registration Time | Time when access permissions are set |
| Channel/Work Code | Access Control Target Classification Information |
| Administrator ID | Administrator account with access rights |
| API Key | Key used for authentication (caution for external exposure) |
| Action | Provide a button to disable access control |
Change Administrator
담당 관리자 변경You can change the administrator with access rights by clicking the button.
Access Control Disable
해제Clicking the button will delete the corresponding API Key and access policy.
▷ Access Control Logs
You can view the request history made through the API. Each request record is provided with detailed information and supports filtering and export functions.
Log Entries
| item | Description |
|---|---|
| API | Request Type (Inquiry, Download, etc.) |
| Customer Number / User Management Number | Requesting Party Identifier |
| Channel Code / Work Code | Request Classification Information |
| Request Task ID | Unique ID to track requests |
| File Relative Path | Result file save path |
| File Name | Processed file name |
| Request Time / IP | Request Occurrence Time and Client IP |
| Response Message | Processing result in JSON format |
| Response Code | HTTP Status Codes (e.g., 200, 403, etc.) |
Filter Function
- You can specify a date range to view logs for a specific period.
- You can check logs categorized by request type filters (All, Application, Inquiry, Download, Allow, Block, etc.).
- You can filter by various conditions such as customer number, user number, channel code, task code, and file name.
Export Function
- Top left
내보내기When you click the button, the logs that match the current query conditions will beDownload as CSV fileYou can do it.
CSV files can be used for purposes such as storing audit logs, generating reports, and tracking system integration errors.
Notes
- Systematically separate API access permissions within the organization using channel and task codes.
- Manage the API Key to ensure it is not exposed externally, and if necessary, revoke it immediately and re-register.
- API access logs are periodically backed up or stored through export functionality.