Considerations when you connect multiple applications to Vantage

It is important to choose the correct approach when you want to connect multiple applications to Vantage. In many cases, you can create a single user that all of your applications use to access Vantage. However, if you have several applications that perform different kinds of task, each application may need its own user dedicated to its exclusive use.

Choosing a method

When you determine whether applications should share Vantage users, consider:
  • The level of permissions that each application needs
  • The scope of operation that each application needs
  • The internet protocol (IP) address range of each application

One Vantage user dedicated to API access

The simplest approach is to create a single user. We recommend this approach when only one application connects to Vantage, or when multiple similar applications connect.

Create a single Vantage user for all third-party applications when:
  • The applications perform the same tasks in Vantage, and
  • The applications all need similar levels of access in Vantage, and
  • The applications all share a similar IP address range

Defining a single user for all your applications can simplify maintenance of application programming interface (API) access as it reduces the number of objects involved in the process.

Multiple applications with dedicated Vantage users

Your applications may differ from one another in several ways. The applications may perform different actions from one another, or they may be connecting from differing IP ranges. In such cases, we recommend that you create multiple Vantage users for API access. Devise an approach that requires the fewest number of user accounts. You may find that you need a dedicated user for each application, or you may see similarities that allow you to associate several applications with a single Vantage user.

Create multiple Vantage users for your third-party applications when:
  • The applications perform differing tasks in Vantage, or
  • The applications need different levels of access in Vantage, or
  • The applications connect from different IP address ranges
Defining dedicated users for your applications allows you to grant more precise access to each application that connects. For example, you can define an account that grants only access to view data, and one that has both view and update permissions. Therefore, you should:
  • Create keys on the read-write account for your applications that must make updates in Vantage
  • Create keys on the read-only account for those accounts that only retrieve data

This approach ensures that each connecting service is denied unnecessary access.