Skip to main content
  • Data Collaboration Platform Documentation
  • Administration
  • Manage Service Accounts

Manage Service Accounts

If you have the User Manager or Super User role, you can create and manage service accounts for your organization. Service accounts are used to call LiveRamp APIs without a person needing to log in. When you create a service account, a secret key is generated which can be used to authenticate with APIs.

A user with the User Manager or Super User role will have access to the Accounts and Service Accounts sections located within the Administration menu.

Tip

To see your roles, click the user icon on the top right-hand side of any screen and select My Profile.

Accounts___SA.png

If you want to add user accounts for people to log in to the Data Collaboration Platform and access your organization, see Manage Accounts and Their Roles.

Key Differences with User Accounts

A user account represents a person with an email address. They are able to log in and perform tasks in your organization based on the roles granted to them by the User Manager.

Service accounts are created to allow programmatic access to APIs. They don't have traditional passwords and cannot be used for sign-ins. A service account is not attached to an email. Service account credentials are valid as long as the service account remains 'Active' and has not been deactivated or deleted.

Service Accounts Workflow Overview

You can create a service account to enable programmatic access to your organization. The workflow is as follows:

  1. You or someone in your organization creates a service account and saves the auto-generated secret key.

  2. You add the service account to your organization and grant it a role to define its access.

  3. You can now make authorized API calls by using the service account’s credentials to generate an access token.

Create a Service Account

When you create a service account, a secret key will be generated which you can use together with the service account name to generate an access token.

  1. Go to Admin -> Service Accounts.

  2. Click Create Service Account.

    Create_SA.png

  3. Enter a name for the service account.

    Note

    LiveRamp automatically generates the remaining service account name in the following format: <service_account_name>_<autogenerated_id>@<org_id>.v2.serviceaccounts.liveramp.com.

  4. Click Create.

  5. A secret key will be automatically downloaded to your PC. Make sure to keep it somewhere secure as it will not be retrievable again. Click I saved the secret key to confirm.

A service account is created with the status 'Active' and the secret key becomes valid. You must now grant the service account at least one role to allow it access to your organization. See Add Accounts With Roles to learn how.

Once the service account has the proper access to your organization, you can use its name and secret key to generate the access token. You can then pass the access token as a Bearer token in the Authorization header to make authorized API calls.

Deactivate Service Accounts

You can disable a service account to prevent it from generating new access tokens.

  1. Go to Admin -> Service Accounts.

  2. Hover on a service account and click the more-options-icon.png icon on the far-right side.

    Active_-_more_details.png

  3. Select Deactivate. Deactivate Service Account pop-up appears.

    Active-Deactivate.png

  4. Click Deactivate.

    Deactivate_confirm.png

The service account is now in 'Inactive' status. Note that any existing access tokens can still be used to authenticate for the remainder of the access tokens' 30-minute lifespans.

Tip

If you need to immediately remove the service account's access to LiveRamp APIs, you can revoke the associated roles from the service account. See Edit Roles to learn more.

Reactivate Service Accounts

Inactive service accounts can be reactivated again, allowing them to generate access tokens.

  1. Go to Admin -> Service Accounts.

  2. Hover on a service account and click the more-options-icon.png icon on the far-right side.

    Inactive_-_more_details.png

  3. Select Activate. Activate Service Account pop-up appears.

    Inactive_-_Active.png

  4. Click Activate.

    Activate_confirmation.png

The service account is now in 'Active' status. Its name and secret key can now be used to generate access tokens.

Delete Service Account

Deleting a service account will render its secret key permanently invalid, preventing you from generating new access tokens. This action cannot be undone.

  1. Go to Admin -> Service Accounts.

  2. Hover on a service account and click the more-options-icon.png icon on the far-right side.

    Inactive_-_more_details.png

  3. Select Delete. Delete Service Account pop-up appears

    Remove_Account.png

  4. Click Confirm.

    SA_delete_-_confirm.png

The service account is now removed from the Service Accounts page. Note that any existing access tokens can still be used to authenticate for the remainder of the access tokens' 30-minute lifespans.

Tip

If you need to immediately remove the service account's access to APIs, you can revoke the associated roles from the service account. See Edit Roles to learn more.

In this section: