It is possible to rotate the API credentials that TimeZest uses to communicate with ConnectWise PSA. This should be done if there is the slightest suspicion that the credentials have been compromised, and can be done on a regular basis if your security management requires it.
Following this process will allow the API credentials to be rotated without any periods where customers will be unable to schedule with TimeZest.
You will need to be both a TimeZest administrator, and an administrator of your ConnectWise PSA instance to perform the following steps.
Procedure
In ConnectWise PSA, go to System, then Members, then click on the API Members tab.
โ
Click on the name of your TimeZest API user, then click on API Keys.
Click on the Plus icon to add a new API key, and give it a name. We recommend something like "TimeZest API Key 20220504" so that it's clear the API key is for TimeZest, and includes the date it was created. Click Save, but do not close the screen. The public and private API keys will be displayed.
In TimeZest, in a new browser tab, go to Integrations then ConnectWise.
Copy the Public Key from the newly created API Key to the Public API Key field, replacing the existing value. Copy the Private Key from the newly created API Key in ConnectWise PSA to the Private API Key field.
Click Save Changes. TimeZest will test that the API key is able to access ConnectWise PSA, and will save it and use it for all API calls if it does. You will be shown a notification that the update has been successful.
At this point, you may wish to verify that TimeZest is still correctly communicating with your instance of ConnectWise PSA by sending a scheduling request to yourself, but it is not strictly necessary.
You may now close the newly created API Key in ConnectWise PSA.
Finally, find the existing API key for the TimeZest API user, and delete it so that it can no longer be used.