|Acrolinx Server||4.5, 4.6, 4.7, 5.0, 5.1, 5.2|
Scorecard and Report Security
You can secure access to Scorecards and reports by enabling Scorecard and report security in the core server properties. When this feature is enabled, Scorecards and reports are protected with an API key that gives anyone access for one hour. After that, anyone who wants to open an expired Scorecard or report link must log in to Acrolinx and have the appropriate privilege to view Scorecards and reports.
This is important to take into account when you send links to Scorecards in e-mails or chat messages. Suppose that someone tries to open your link one hour after you sent it. In this case, they'll be asked for their Acrolinx login before they can see the Scorecard. This will also happen if you try to send a Scorecard link without an API key appended to the URL.
After they've logged in, the server will also check to make sure that the person who opened the report has the appropriate privilege to the view the Scorecard.
The following reports are protected by this API key:
The following developer and debugging resources are also protected by this key:
- The JSON-based Scorecard which is used by web-based integrations.
- The raw text of the check request.
- The properties that were sent as part of the check request.
Granting Permanent Access to Scorecards and Reports
When this feature is enabled, anyone can open a Scorecard link up to an hour after it was generated. But what if writers need permanent access to their Scorecards? Luckily, anyone who as the privilege "Check documents" automatically gets the privilege "View Scorecards and reports" as well. In other words, if you can check your text, you'll always have permanent access to Scorecards and reports.
For anyone else who isn't lucky enough to have the "Check documents" privilege, you can still give them permanent access to Scorecards. Just give their user account a role that includes the privilege "View Scorecards and reports". You'll find this privilege in the "Checking and clients" section of any role.
Enabling Scorecard and Report Security
You can enable this feature with the core server property privacy.secureReportDownloads .
This setting configures the server to append the Scorecard and other resource URLs with API keys so the Scorecards expire after one hour.
It also means that you need the privilege "View Scorecards and reports" to open an expired Scorecard.
To enable Scorecard and report security, follow these steps:
Open your overlay of the core server properties file.
You find the overlay for the core server properties file in the following location:
Add the following line:
You can always disable the feature later by removing the property again. You might disable this feature if you or your writers run into technical issues opening Scorecards. For example, if your organization uses a proxy server, the API keys can occasionally get corrupted and the Scorecards won't open. If this happens to you, remove the property.
- Save your changes and restart the core server.