It is possible to rotate the API credentials that TimeZest uses to communicate with HaloPSA. This should be done if there is the slightest suspicion that the credentials have been compromised, and can be done on a regular basis if your security management requires it.
Following this process will allow the API credentials to be rotated without any periods where customers will be unable to schedule with TimeZest.
You will need to be both a TimeZest administrator, and an administrator of your HaloPSA instance to perform the following steps.
Procedure
In HaloPSA, go to Configuration, then Integrations and select HaloPSA API. Click View Applications.
β
Click on the name of your TimeZest API, then click Edit.
Click the Generate button.
β
A new Client Secret will appear. Copy it, then click Save.
In TimeZest, in a new browser tab, go to Integrations then HaloPSA.
Paste the Client ID and the Client Secret in their respective fields.
β
Click Save Changes. TimeZest will test that the API key is able to access HaloPSA, and will save it and use it for all API calls if it does. You will be shown a notification that the update has been successful.
At this point, you may wish to verify that TimeZest is still correctly communicating with your instance of HaloPSA by sending a scheduling request to yourself, but it is not strictly necessary.
You may now close the newly created API Key in HaloPSA.
Finally, find the existing API key for the TimeZest API user, and delete it so that it can no longer be used.