Tines

When a user creates a Tines API key, there are several levels of access they can set during creation:

Tenant owner: Access to the entire tenant

Team: Role-based access to a specific team on the tenant

Service: Access to <a href="https://www.tines.com/docs/admin/user-administration/#tenant-permissions" rel="nofollow noopener noreferrer" target="_blank">tenant permissions</a>

Personal: A key tied to your identity and permissions

- Tenant owner: Access to the entire tenant
- Team: Role-based access to a specific team on the tenant
- Service: Access to <a href="https://www.tines.com/docs/admin/user-administration/#tenant-permissions" rel="nofollow noopener noreferrer" target="_blank">tenant permissions</a>
- Personal: A key tied to your identity and permissions

Note: The level of access the user can select at the time of the API key creation also depends on the user's permissions within the <a href="https://www.tines.com/docs/admin/user-administration/#permissions" rel="nofollow noopener noreferrer" target="_blank">tenant</a>/<a href="https://www.tines.com/docs/admin/teams/" rel="nofollow noopener noreferrer" target="_blank">team</a>:

Let's look at an example. We have a user named Jane Tino, who, within their tenant, is a tenant owner and also a <a href="https://www.tines.com/docs/admin/teams/#_1-team-admin" rel="nofollow noopener noreferrer" target="_blank">team admin</a> of "Team Automation". This would give Jane access to all four access levels mentioned above.

Within Team Automation, Jane creates Tines API keys for each level as <a href="https://www.tines.com/docs/credentials/" rel="nofollow noopener noreferrer" target="_blank">credentials</a>.

If Jane's account is active in the tenant, all four API keys will work as intended.

If Jane's account exists in the tenant but is deactivated, the Personal API key will break (returns a <code>401</code> status code), while the other three will still work as expected. If Jane's account is re-activated, the Personal API key will continue working again.

If Jane's account is completely deleted from the tenant, the Personal API key will break (returns a <code>401</code> status code), while the other three will still work as expected.

If Jane is reinvited back to the tenant, the Personal API key will not work (returns a <code>401</code> status code), while the other three will still work as expected.

- If Jane's account is active in the tenant, all four API keys will work as intended.
- If Jane's account exists in the tenant but is deactivated, the Personal API key will break (returns a <code>401</code> status code), while the other three will still work as expected. If Jane's account is re-activated, the Personal API key will continue working again.
- If Jane's account is completely deleted from the tenant, the Personal API key will break (returns a <code>401</code> status code), while the other three will still work as expected.
- If Jane is reinvited back to the tenant, the Personal API key will not work (returns a <code>401</code> status code), while the other three will still work as expected.

In summary, when a user is deactivated or removed entirely from the tenant, the only API key that stops working is their Personal API key. Even if they are re-invited to the tenant, the Personal API key from before will still not work.

Understand Tines API key behavior around user account statuses.