Programmatic User – a Secure Way to Work with the API
Programmatic User and API Access
External system integrations with Teamogy are implemented using the Teamogy API.
Access to the API is secured via an API token (API key).
Each API token is always associated with a specific user in Teamogy and inherits all permissions assigned to that user.
From the system perspective, all API operations are processed in the same way as actions performed manually by the associated user in the Teamogy application.
For this reason, the choice of the user under which the API token is generated is critical.
API tokens inherit the full permission set of the user they are linked to.
Therefore, personal user accounts (e.g. company owners, accountants, administrators) are not suitable for API integrations.
Using a personal user account for API access introduces the following risks:
- The API token inherits permissions that are often broader than required for the integration.
- The token holder (for example, an external developer or integration provider) may gain access to all data available to the personal user account.
- System activity is no longer clearly distinguishable between actions performed by a human user and actions executed by an automated integration.
- Token management becomes complex in cases such as role changes, user deactivation, or security incidents.
For security and operational reasons, the use of personal user accounts for API integrations is strongly discouraged.
Personal user accounts are not intended for API communication.
Teamogy therefore supports the use of a Programmatic User.
A programmatic user is a dedicated technical account intended exclusively for API access and system integrations.
Characteristics of a Programmatic User
- Fully separated from personal user accounts.
- Hidden from standard Teamogy usage (not available in user selections, lists, or overviews).
- Assigned explicitly defined permissions limited to the scope required by the integration.
- API tokens generated under a programmatic user are easy to manage, control, and audit.
This approach follows the principle of least privilege:
An integration should be granted only the permissions necessary for its intended functionality.