Developer Documentation Library > Web API > Web API application
 
Web API application
Authentication
All users of the Web API must be authenticated by using either an Api-Key or an OpenID Connect bearer token.
For information about configuring and using API keys and OpenID Connect bearer authentication, see Getting started with the Web API.
For information about the authentication configuration properties, see DPM authentication configuration.
Authorization
The authentication of a client of the Web API establishes the identity of the user. The features of the Web API that the user can access is authorized by the activities enabled in the User Administration settings.
All users must have the “Web API” activity enabled.
To access to a specific feature (for example, Case Data, Participants, Quotas, or Interviewing Reports), a user must have the corresponding “Web API – feature” activity enabled.
Access to \Metrics endpoint is only possible for the DPM Administrator and OAuth2.0 clients who are authorized by the MetricsAuthorizedClients DPM property.
For example, for a user to execute queries of case data, they must be assigned the following activities:
Web API
Web API – Case Data
Web API – Case Data / Can query case data.
See
Versioning in the Web API
OpenApi specification
Using the Swagger UI with the Web API
Metrics for the Web API
Request/response formats for the Web API
Information that is logged by the Web API
Error handling by the Web API
Load balance requests to the Web API
CORS (Cross-Origin Resource Sharing) in the Web API
Configuring the Web API
Getting started with the Web API
OpenID Connect provider
Web API