• Type - select Business Intelligence API.
• Account name - enter a unique account name. Click to copy the value to your clipboard.

  Note:

  API accounts can't be used to sign in to Reporting and Analytics. An Invalid credentials error message is displayed.
• Email - enter the account owner’s email address. The welcome email and password reset email are sent to this address.
• Connection Details - displays the Enterprise Short Name, Authentication Server, and Application Server which are needed to connect to the API. The Client ID is generated when a new account is created and is also needed to connect to the API. Click to copy the individual values to your clipboard.
• Add Redirect URL (Optional) - redirect URLs are part of the OAuth flow. After an application is authorized, the authorization server redirects the user to this redirect URL location. It is important to add the redirect URL so that the sensitive information included in the redirect URL only goes to the location you specify. The redirect URLs are used in:
  • Authorize endpoint - when the OAuth flow is started using the /authorize endpoint, it directs the caller to the service's authorization endpoint. Several parameters are included in the request, including a redirect URL. The server validates this redirect URL to confirm that it is a URL added as a redirect URL for this account.

  • Token endpoint – the request to the /token endpoint includes a redirect URL and the authorization code.

  Click Add Redirect URL, enter the URL, and then click Add.

• Location Authorization Scope - select Level or Location.
  • Level - lets you choose an organizational level. Select a level to grant access to all locations underneath that level in the organizational hierarchy. That is dynamically updated whenever locations are added or removed from the hierarchy.
  • Location - lets you choose one or more individual locations. The list is not dynamically updated whenever a new location is added to the system. Use this option if a partner or integrator needs access to specific locations and if assigning them to a level would grant access to more locations than desired.
• Data Access Permissions - the following table describes permissions for totals and point of sale definitions. Assigning any one of the permissions to an API account also grants the API account access to all the point of sale definitions.

  Data Access Permission	Grants Access to
  Sales and Operations	All the operational daily totals, guest checks, non-sale transactions, journal log, and control totals.
  Kitchen Performance	Kitchen display system's performance details.
  Cash Management	Cash management and cash management adjustment details.
  Employee Performance	The person’s daily totals.
  Labor General	Job code daily totals and time card details.
  Fiscal	Fiscal invoice data, totals, and invoice control data.
  Extensibility	Guest check extensibility data.
  Employee Time Card Details and Pay Rates	Time card details.

  The following table describes permissions for definitions only.

  Data Access Permission	Grants Access to
  Point-of-sale definitions	All point of sale definitions.
  Personal Identifiable Information	Definitions with personal identifiable information.

A unique Client ID value is generated for the API account. Use the ID to authenticate the API account before making API calls. You can retrieve an ID for an account by searching for the account on the API Accounts page and then clicking the account.

The owner of the API account receives a welcome email with instructions on how to set the password for the account.