Secure your connection with Tango API (Closed Release)

🚧

Closed Release

This feature is a Closed Release, available for a limited number of users and specific use cases only.

To take full advantage of our Tango API resources, we recommend you to establish a secure connection to the Tango API through one of the following methods:

• Basic Authentication —Basic Auth is all about authentication. It identifies you as the correct entity with the online account credentials. Basic Auth requires your credentials to gain access to your platform.

• Open Authorization (OAuth) 2.0—(Recommended) OAuth establishes a secure connection with API using authorization tokens to verify your system’s identity. With OAuth, you can rotate your credentials with no downtime. In order to create a token, you need four pieces of information: client ID, client secret, service account username, and service account password. See how to Acquire a token.

  📘

  Note:

  • Tango API OAuth 2.0 is currently available on a closed release.
  • OAuth credentials must be enabled for the first time. Contact your Tango representative to enable OAuth credentials for your Tango portal. See the steps in Get started with Tango API.

Why do we recommend OAuth?

• Service continuity—the API connection is not interrupted when a service account is replaced.
• Additional layer of security—you can see the password only once at the time of creation.
• Ability to create unlimited number of service accounts—this is specially helpful for users with multiple connections, locations, or departments.

Use case examples on when to use more than one service account

• Distributed Point of Sales
  Acme Sporting Goods Company franchises hundreds of retail stores in North America. These independent franchises are each connected to the Tango platform individually. To ensure a safe connection, they use OAuth 2.0 to connect to the Tango API. They use one OAuth client credential and create multiple service accounts—one for each retail store. If a store were to be compromised, Acme would deactivate the one Service Account associated with that store. All other stores would be unaffected. Using OAuth 2.0, Acme ensures the continuity of its service without compromising its system’s security.
• Multiple Software Application Connections
  Acme Health Care has created multiple connections to the Tango API in different software applications. They have their proprietary application that sends rewards to their healthcare customers, which uses one Service Account. They also connected their accounting software to the Tango API to manage account funding that uses a second Service Account. Using OAuth 2.0 ability to create multiple service accounts, Acme created extra security and traceability. If one of their applications is compromised, they can deactivate the specific service account without affecting the other application.

Permissions

Both API keys and OAuth credentials must be enabled for your Tango platform for the first time. Contact your Tango representative to enable OAuth credentials for you. See the steps in How to get your API keys enabled.

You must have Tango API keys Manage permissions enabled for your user under the Integrations permission section. If you’re not an admin, reach out to your Tango portal admin to give you permission. Learn how to Set user permissions and access level.