Public API and Apps¶
Afi Backup provides public API that can be used to manage and monitor Afi accounts in an automated way. Typical use-cases for Afi public API include automated backup and licensing status monitoring, as well as resource archiving.
To grant and manage access to the public API, Afi uses the concept of an app. Each app is associated with a set of permissions that defines the actions which can be performed on behalf of the application via the public API. This article discusses app setup and management, while the API reference and how-to guides for popular use-cases can be found in the API Documentation.
Application permissions¶
Currently, apps can be granted the following permissions:
- Read configuration - Read access to configuration and tasks (including, but not limited to, resources and protections, backup task statuses, and reporting data).
- Write configuration - Write access to configuration and tasks (including, but not limited to, assigning resource protections and triggering backup tasks).
- Billing access (for organization-wide applications) - Access to licensing status and license counts.
It's important to note that these permissions do not allow access to the actual backup data. While an app can manage backup jobs or access tenant settings, the backup data itself remains confidential.
Create an app¶
Apps can be created both as tenant (Service → Settings → Apps tab) and organization-wide (Configuration → Apps tab). Organization-wide apps are designed to access and manage all tenants under an Afi organization (Afi account) where they are installed. We advise to set up an organization-wide application as a default if you don't need to configure granular per-tenant access for your application in your Afi account.
To create an app, go to the Service → Settings → Apps tab or the Configuration → Apps tab in the Afi portal, then click the Create app button. This will open a dialog with the following parameters:
- Name - A unique name for the app (for example, Test-App-Company-Name).
- Logo - (optional) The app's logo.
- Description - (optional) A description of the app.
- App URL - (optional) A sign-in link to a third-party service that integrates with Afi through the app.
- Website - (optional) A website or landing page for the third-party service integrating with Afi via the app.
- Provider - Restrict app visibility to tenants of a specified kind (for example, only Microsoft 365 tenants)
- Roles - Permissions granted to the app for accessing tenants or organizations where it is installed. Please note that permissions can't be changed after the app creation.
After an app is created, it will appear in the Available Apps section and can be installed in the current tenant/organization.
Generate API keys¶
Once an app is created, you can generate a key for API access. To do so, click the Edit button next to the app, then click Generate key in the Keys section. This will prompt a dialog displaying the newly generated key. Please copy and save the key on your side in a secure location, as we don't store API keys on our side, only the corresponding key hash sums. Afi allows each app to have up to two keys simultaneously, enabling you to rotate keys or revoke compromised ones.
Please refer to the API Documentation for the available API calls and usage examples.
Install app¶
To allow the app to access your organization/tenant, you need to install it. Once the app is installed, it will be shown under the Installed Apps section.
Uninstall app¶
To revoke app access, click on the Manage button and then on the Uninstall button inside the dialog. Please note that revoking access may take up to several hours.