This article contains instructions specific to customers upgrade to Brillium 2022 (version 11) from earlier versions of Brillium and have developed solutions or utilized integration platforms using the Brillium API version 10 or earlier. Please reference the version number at the bottom of the Brillium application screen to confirm the specific version applicable.
Brillium 2022 (v11) - Post Upgrade Steps to Re-enable the Brillium RESTful API.
Brillium 2022 includes important security enhancements, which require changes to the Brillium API configuration.
Following the upgrade to Brillium 2022 (v11), customers using the Brillium API (or integration platforms like Zapier) will need to re-enable and update the API password, security token, and authorization token(s) used with external applications and integration platforms. To re-enable the Brillium API, the following steps will be required:
- Enable the API
- Create a new API Password
- Create a new API security token
- Generate a new Authentication/Authorization HTTP Header token (if applicable)
Starting with Brillium 2022 authorization tokens no longer use the primary Workspace ID, the API Password, and the Security Token. The Workspace ID must now use ASSESSMENTS-API. Because of this change, the Brillium 2022 will automatically disable the API, to ensure new API Password and Security tokens are generated.
Steps: Re-enable the Brillium Assessment Builder API
Follow the steps below to configure the Brillium Assessment Builder API.
- Sign into Brillium. The API can only be enabled using a user account with Assessment Builder Administrator privileges (for most organizations, this is the first Brillium user created).
- Select the Settings () icon.
- Select Workspaces from the menu The current workspace is shown in bold.
- The Brillium API must be configured from the Primary Workspace. The Primary Workspace is indicated by a () icon.
- If the Primary Workspace is not shown in bold lettering, right-click the Primary Workspace and select Enter from the menu, to enter the Primary Workspace and follow steps 1 through 3.
- Select API from the following menu.
- Select the Enable radio button.
- Enter an API Password in the Password field
- Re-enter an API password to confirm it is entered correctly.
- Select the Change button to generate an API Security Token. To view the Security Token, select the Show button.
- Record the API Password you entered, and the Security Token and store it in a safe place. You will need this information to access the API through your application.
- Click the Save button to save the configuration and enable API access to your Brillium data.
The API Password
It is important to note that the API Password is separate and distinct from the password you use to sign into Brillium. When a user password is changed, it will not affect the API password.
How to Change the API Password
To change the API password, return to the API Configuration screen and enter a new password and confirm it. Select the Save button to save the changes.
How to Change the Security Token
To change the Security Token, return to the API Configuration screen and select the Change button beside the Security Token field. Select the Save button to save any changes.
Create an Authentication/Authorization HTTP Header
To authenticate with the Brillium WebAPI, you must create an authorization token and include it within the HTTP headers for each API request. To create an authorization token, you use the API Namespace, the API Password, and the Security Token. The API namespace is shown on the API Configuration screen, and the API password and security token are defined “Enabling the Brillium Assessment Builder API” section above.
For example, assume the following values:
API Namespace: ASSESSMENTS-API
API Password: password123
Security Token: b6e60bfb08994be79e17e35656e3246e
The token is created by placing all elements together in a single text string with no spaces. The form of the token is as follows:
ASSESSMENTS-API:API Password and Security Token.
This authentication string needs to be Base-64 encoded. When completed, it should look similar to the following example:
This encoded authentication string must be included as an “Authorization” HTTP header within all API requests:
Authorization: Basic U1VQRVJTVURTOnBhc3N3b3JkMTIzYjZlNjBiZmIwODk5NGJlNzllMTdlMzU2NTZlMzI0NmU=