User Management
User Management is used to control who can access the publicly available APIs of a project. On this page you invite users to access the APIs and apply access roles to these users. This page is not visible by default. API Publishing needs to be enabled to make it visible on the Home menu, This is done on the API Publishing page. where access roles are also defined.
Before you can invite users, you need to publish the project. See Publishing projects for details. An error will appear if the project is not published first.

Inviting users to a project

Once a project has been published, users can be invited to access the publicly available API endpoints in the project based.
For example, you can provide a URL to users for them to sign up to a Xapix account to access an API.
URL for users to sign up to a Xapix account
Alternately, you can invite users to access a project's API and assign them a specific access role.
Invite a user to access a project
To invite a user to a project, follow these steps.
  1. 1.
    From the Home menu, select User Management.
  2. 2.
    Click Invite API User, then on the Invite to <Project> page, enter the following:
    1. 1.
      A valid email address of the user.
    2. 2.
      User name
    3. 3.
      Company name
    4. 4.
      Select an access role from the available roles for the user.
  3. 3.
    Click Invite API User.
  4. 4.
    The <Project> Users page opens.
Invitation sent

Getting client credentials & access tokens

Xapix uses the OAuth2 client credentials flow to authenticate public API consumers. With this flow public API consumers are provided with client credentials (Client ID and Client Secret) which are valid until revoked. The client credentials need to be exchanged to a short-lived access token which can then be used to access the API.
When a user is invited to a published project, Xapix automatically generates client credentials for the new user of the project. You can see the Client ID and Client Secret on the API user's details screen after clicking the "Show" button under Options.
To exchange the client credentials to an access token, the API user needs to call the public OAuth2 token endpoint ( with the form parameters grant_type=client_credentials, client_id=<Client ID> and client_secret=<Client Secret>. As cURL this would look like the following:
export xapix_client_id=<Client ID> export xapix_client_secret=<Client Secret> curl \ -F client_id=$xapix_client_id \ -F client_secret=$xapix_client_secret \ -F grant_type=client_credentials
This returns a JSON response like the following in case the client credentials are valid:
To then invoke an API, provide the above access token as bearer token in the Authorization header of your request. As cURL this would then look like that:
curl \ --header 'Authorization: Bearer <access_token>' \ ... other parameters
API User Access Tokens have a short lifetime - For security reasons, the access token issued to users has a short lifetime of 15 minutes.