Skip to content

Service accounts

Service accounts are special users that software programs impersonate to make authorized calls to the Platform's back office API. The back office API is the one described in the Swagger UI page accessible form the user menu.


Service accounts are not used for authenticating NL Flow API calls, because NL Flow API authentication is based on API keys.

To manage service accounts, select the Service accounts tab in the left panel of the Users tab of the administration dashboard.

Add a new service account

A service account is identified by a client ID.

To add a new service account:

  1. Select New service account.
  2. In the Create Service Account panel, enter user data and user's role then select Create.

    A confirmation dialog displays the client secret.

    The client secret must be used to authenticate the API calls.

  3. Select Copy to clipboard to copy the client secret to the clipboard, then paste it in a safe place.


    The client secret is displayed just once after the creation of the service account, it cannot be recovered later, so it is necessary to save it in that moment.

Search for a service account

Enter the search criteria in the search box above the list in the left panel, then press Enter.

To reset the search criteria, select the X icon inside the search box.

Edit and delete a service account

Select a user in the left panel, then, in the Edit Service Account panel on the right, then:

  • To change editable information, just enter new values in the corresponding fields.
  • To deactivate and re-activate the account, use the Active service account toggle switch.
  • To change the user's role, select the new role from the Role drop-down menu.
  • To turn the account expiration on and off, use the Access expiration toggle switch. When account expiration is turned on, you set the Expiration date field.
  • To generate a new client secret, in the case you have lost it, select Regenerate, The old client secret will be invalidated.
  • To delete the service account, select Delete.

Client authentication

The authentication mechanism to use the Platform back office APIs is OAuth 2.0 with the Client Credentials grant type.
In OAuth 2.0 jargon, a Platform service account is a registered application. The data to be specified to obtain the authorization token are therefore:

  1. Client ID
  2. Client secret

The token must be requested at the URL that corresponds to the value of the Access Token URL property.

Share projects with a service account

You can share:

with service accounts, allowing them to interact with the projects programmatically.

Allowed actions for the service account with which you share the project can be set in the Sharing tab of the project settings dialog.