Account Security and the Delegate Access API
Vault’s delegated access feature provides a secure and audited process to designate a user to handle Vault responsibilities on behalf of another user on a temporary or ongoing basis. Vault tracks all activities performed by the delegate and logs those activities in audit trails that meet compliance standards.
https://platform.veevavault.help/en/gr/15015/
As of Vault API v22.3, Vault API supports sending calls as a delegated user. With the delegated access endpoints, you can generate a delegated session ID for any Vaults where you have delegate access. API calls can then be made using that delegated session ID.
https://developer.veevavault.com/api/22.3/#delegated-access
This enhancement provides two important security advantages for the API when using shared accounts such as Integration and Migration accounts. First, access to the accounts can be delegated and removed as needed, and login credentials don’t need to be given out. Second, Vault tracks all API calls performed by the delegate and logs their activities in audit trails. The audit trails accurately record who performed which actions, and as which user.
VAPIL sample code for building a delegated session client:
// Retrieve the Vaults that you have delegated access to
DelegationsResponse delegationsResponse = vaultClient.newRequest(AuthenticationRequest.class)
        .retrieveDelegations();

// Retrieve the Vault ID and Delegator User ID from the Vault you want to access
DelegatedVault delegatedVault = delegationsResponse.getDelegatedVaults().get(0);
int vaultId = delegatedVault.getId();
String delegatorUserId = delegatedVault.getDelegatorUserId();

// Initiate a delegated session with the Vault ID and Delegator User ID
DelegatedSessionResponse delegatedSessionResponse = vaultClient.newRequest(AuthenticationRequest.class)
        .initiateDelegatedSession(vaultId, delegatorUserId);

// Retrieve the delegated session ID from the response
String delegatedSessionId = delegatedSessionResponse.getDelegatedSessionId();

// Build a separate Vault Client using the delegated session ID
// (domain and vaultClientId are defined elsewhere in the calling code)
VaultClient delegatedVaultClient = VaultClientBuilder
        .newClientBuilder(VaultClient.AuthenticationType.SESSION_ID)
        .withVaultDNS(domain)
        .withVaultClientId(vaultClientId)
        .withVaultSessionId(delegatedSessionId)
        .build();
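
The sample above takes the first entry with `get(0)`; an integration that holds several delegations should instead pin the Vault and delegator it is configured for and stop if that delegation is missing. The following is an added example, not VAPIL or Veeva code: the `Delegation` record is a hypothetical stand-in for the two `DelegatedVault` values the sample reads, the IDs are constructed, and Java 16 or later is assumed.

```java
import java.util.List;
import java.util.stream.Collectors;

public class DelegationSelector {

    // Hypothetical stand-in for the two DelegatedVault values the sample reads
    // (getId() and getDelegatorUserId()); this is not a VAPIL class.
    record Delegation(int vaultId, String delegatorUserId) {}

    // Return the single delegation matching the Vault and delegator the
    // integration is configured for; fail closed on zero or several matches.
    static Delegation select(List<Delegation> delegations, int expectedVaultId,
                             String expectedDelegatorUserId) {
        List<Delegation> matches = delegations.stream()
                .filter(d -> d.vaultId() == expectedVaultId)
                .filter(d -> expectedDelegatorUserId.equals(d.delegatorUserId()))
                .collect(Collectors.toList());
        if (matches.size() != 1) {
            throw new IllegalStateException("Expected exactly one delegation for vault "
                    + expectedVaultId + " and delegator " + expectedDelegatorUserId
                    + ", found " + matches.size());
        }
        return matches.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample data: the calling user holds three delegations.
        List<Delegation> delegations = List.of(
                new Delegation(1001, "5551"),
                new Delegation(1002, "5552"),
                new Delegation(1002, "5553"));

        // Configured target: vault 1002, acting for user 5553.
        Delegation chosen = select(delegations, 1002, "5553");
        System.out.println("Initiate delegated session for vault " + chosen.vaultId()
                + " as delegator " + chosen.delegatorUserId());

        // A delegation that has been removed must stop the job rather than
        // fall through to whichever entry happens to be first in the list.
        try {
            select(delegations, 1003, "5551");
        } catch (IllegalStateException e) {
            System.out.println("Refused: " + e.getMessage());
        }
    }
}
```

In a real client, the values returned by `select` would be the arguments passed to `initiateDelegatedSession`.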