CStoreOffice® Support & Learning

Creating an API User

To create a new user in CStoreOffice®:

  1. From the CStoreOffice® main page, go to Settings > General > Employees.
  2. At the top left of the Employees list, click New.
  3. In the New Employee form, set up the following mandatory employee's data:
  4. Go to the Personal Data section and set up the following user data:
  • Authentication Email: It will be used as a login during API authorization.
  • First Name: The user first name.
  • Last Name: The user last name.

  1. Go to the Login & Password section and set up the following user data:
  • Workplaces: Assign the locations (stations) which will be used by the API user for making API calls. Select the locations (stations) you need and move them to the right column.
  • Role: Select the APIUser role.

    For more information about granting user access to several locations at once, see How to assign all newly created locations to an employee in bulk.

  1. At the bottom right of the form, click Save.

For more information on how to add a new user, see How to add a new employee.

After the API user is created, an activation email is sent by CStoreOffice® to the authentication email specified in the Employee form.

The API user must follow the link and set the password which must meet the following requirements:

  • The password must be at least 8 characters long
  • The password must contain at least one numeric character
  • The password should contain at least one uppercase and at least one lowercase alphabetic character
  • The password should not contain your username or login

Your next step is to generate the authorization token. For more information, see Getting API Authorization Data.

Password expiration

By default, CStoreOffice® requires users to update their password every 90 days, which may not be suitable for service accounts, as frequent password changes can disrupt automated processes and integrations. To avoid interruptions and manual intervention, consider configuring an account that does not require regular password updates. This can be achieved by using a specific email address format designated for service accounts: <any text>.api@<domain name>. For example:

  • bd.api@acme.com
  • cso.api@myshop.eu

Do not use email addresses that prevent automatic password expiration for common (non-API) accounts, as this practice may pose potential security risks.