To use Web Services API, you must have at least one Web Services Profile in your Caspio account. Similar to users, each Web Service Profile may be given specific permissions to create and access tables, views, files and file folders in the corresponding Caspio account. However, unlike users, Web Services Profiles cannot log into Caspio interactively.

To create a Web Services Profile, select Account from the top navigation bar and select Access Permissions, then click on New Profile. You will be redirected to a form in which you can create your Web Services Profile. Caspio supports REST protocol. 

Creating a REST API Profile

To create a REST API profile, you will need to provide the following information:

  • Profile Name: Required – This is used to identify this profile in the Caspio platform user interface.
  • Description/Purpose: Profile description.
  • First Name: First Name of the person managing and using this REST profile.
  • Last Name: Last Name of the person managing and using this REST profile.
  • Email Address: Required – Email of the person managing and using this REST profile.
  • Protocol: Should be set to REST.

The following information will be available to you for using in your REST API client or program:

  • Token Endpoint URL: Caspio OAuth 2.0 Token Endpoint
  • Documentation URL: Link to Swagger UI
  • Client ID: REST API Profile’s username. It is generated automatically.
  • Client Secret: REST API Profile’s password. It is generated automatically.
  • Permissions:
    • Enable access to all objects – Give the profile access to all Tables, Views, Files and File Folders in your Caspio account.
    • Profile can create objects – Allow the profile to create Tables, Views, DataPages and upload Files.

Detailed control over the permissions of this profile is available after the profile is created, from the Web Services Profiles listing page.

Optional IP Restrictions

  • Default Access: Web Services profile access to Caspio  can be limited based on client’s IP. Use this option to grant or deny access.
  • IP Address Filtering: Insert or manage the IP address filtering.

At anytime you can regenerate Client ID/Secret pair but all it will invalidate all previously generated tokens.