Overview

This doc will list how you can add different connector API keys (and other credentials) for your organization, in a Data API or through a channel.

The reason we have different ways of adding the credentials is to support the Client through any request- be it using the same connector for different use cases that need different credentials, accessing different environments, or even setting a default for the organization while the Client is evaluating a specific connector.

Secure Storage

• The organization and Data API section is shared securely between the platform and our servers (aka backend processing system) through a shared AWS KMS key.

• Internally, Demyst uses a password manager to store/share any default credentials, if needed. Unless the Client is entering and managing their own credentials, all Demyst users must maintain credentials in this password manager for tracking purposes. The logs list by whom credentials are used, and where they were entered, but they will not mention the credential values themselves. Hence, these must be stored in the password manager so that the team can use them for tracking, conducting their audits, and Data partner conversations.

• Should you need assistance with any of the below, please route the access to connectors@demystdata.com who will take care of the access and key management. The team will include Infosec accordingly for any incidents where passwords are revealed or the process is not followed to maintain the security of the system.

Secure Storage

1. Default - The default credentials are picked up from Demyst’s backend processing system. Credentials are encrypted and added during integration unless Demyst does not have the rights (i.e. the Connector is locked as we are processors). If there are no default credentials (or any of the below), you will see an insufficient_credentials error.

2. Org Level - Even if default credentials are available, the organization credentials take precedence. Organization-specific credentials can be added by Admins of the organization by logging in to the Demyst Platform, and navigating to the Team Settings page at https://demyst.com/app/settings/general. At the bottom of the screen, you will see Global Connector Configuration. Once these are added, every request through this organization will use these credentials.

   Note - Takes 10-20 minutes to become active once credentials are added.

   

   Note - When adding a credential, add all for the connector so that it can work. For experian_business_search_api to work, you need to add all of the below. .

   

3. Data API/Channel Level - If you navigate to the Settings page of a Data API/or a channel, you will be able to add credentials for that API only. This will override all other credentials stated above. An example of this application would be to have organization-owned lower environment credentials at the Org Level, and then production environment credentials at the Data API/Channel Level so that no higher cost transactions occur without intent.