Knowledge Base

Alma and Primo VE offer integration capabilities with various third-party applications through APIs (Application Programming Interfaces). These APIs allow secure data exchange between Alma/Primo VE and external systems, enabling automation, enhanced functionality, and custom workflows. The integration requires API keys, which are secure authentication credentials that control access to these systems.

Only OLS staff are authorized to create and configure API keys through the Ex Libris Developer Network on behalf of the CUNY Libraries.

Requesting API Keys

When requesting an API key from OLS, please include the following information:

• Application Details:
  • Name of the application and/or developer
  • Purpose of the integration
• Required API Permissions:
  • Specific API areas needed:
    • Alma
      • Acquisitions (includes vendors, orders, invoices, funds, licenses)
      • Analytics
      • Bibliographic Records and Inventory (includes bibs, holdings, items)
      • Configuration and Administration
      • Courses
      • Electronic Resources (includes collections, services, portfolios)
      • Resource Sharing Partners
      • Task Lists
      • Users and Fulfillment
    • Primo
      • Primo Search
      • Primo Favorites
      • Public Key
      • Primo Configuration
      • Analytics
      • Primo Translations
      • Primo user JWT
      • Primo guest JWT
      • Primo Resource Recommender
      • Deep Links
  • Required permission level:
    • Read-only (retrieving data only)
    • Read-write (retrieving and modifying data)

If specific API requirements aren't explicitly mentioned in the application documentation, provide details about what data the application needs to access in Alma. Understanding the application's functionality helps OLS configure the API key appropriately.

OLS configures each API key with the narrowest possible permissions required for the application to function properly. This approach enhances security and reduces potential risks. Each API key is unique to your institution and to the specific parts of Alma that are allocated to that key.

API Key Security and Distribution

API keys are sensitive security credentials that provide access to your institution's Alma/Primo VE data. To maintain security:

1. After creating your API key, OLS will share it via a secure 1Password link. This link will expire within 1 week of creation.
2. While the sharing link expires, the API key itself remains valid until explicitly revoked.
3. API keys must never be shared in plaintext via email, Teams messages, chat, or other unsecured channels.
4. Store your API key in a secure password manager or encrypted system.
5. Only share the API key with staff members who are directly involved in implementing the integration.

If you're unable to access the 1Password link within the one-week timeframe, please contact OLS to request a new secure link. For security reasons, OLS cannot provide API keys through alternative channels.