The application user is a user which is used by applications to interact with the web services.
The main difference to a human user is that the application user can authenticate without a password. The application user has to sign each request sent to the web service with a pre-shared secret. For details about how to sign those request, please take a look at the corresponding documentation about the web service authentication.
Each application can have exactly two such pre-shared secrets. This allows to change/replace the secret without downtime. E.g. a new secret can be generated and some time later the secret can be updated in the client application. However, in the mean time, the web service will accept requests signed with the old secret.
Application users have roles. Each role grants different permissions to the user. When creating and assigning roles you have to keep in mind that each role is context specific. There are access rights that are bound to the context of a space or an account. You can assign the role only in such a context.
You can generate new authentication key in the managing application user view in case you lost the old key or when you want to replace it. After the migration is finished you can deactivate the old key. This allows you to use different key versions at the same time.
An application user can have the following states:
When the state is set to Active
this user can login and execute actions.
When the state is set to Inactive
this user can not login. However, all the information is kept and the user can be activated later.
The user is in the process of the deletion. This may take some time until the user is marked as Deleting
before being marked as Deleted
.
The user is deleted. Since the user is linked with data which cannot be deleted immediately, we need to keep the user until all the data can be removed.