Objective
Create an API-Only service account to be used by multiple users for a plugin's or integration's Contrast service connection. API-Only users can access Contrast's REST API, but cannot log in to the user interface.
Contrast does not recommend the creation of administrator API-Only accounts.
Process
Log in to the Contrast UI with the Organization Administrator role.
Click on your name/profile in the top-right of the UI and then select Organization Settings from the menu.
Select Users from the Organization Settings and click + Add User.
Configure the user. The Organization Role's recommended configuration is either Edit or View.
The Edit role will enable the API-Only user to remediate findings, add tags, manage vulnerabilities, edit attributes, merge applications, add or delete applications, and create servers.
The View role has read-only access to the Contrast interface to see scores, libraries, vulnerabilities and comments, but cannot edit traces or the application.
After setting the appropriate role in Organization Role, the user also needs to be configured with role-based access to applications, either broadly or individually, via Application Access Groups (https://docs.contrastsecurity.com/en/organization-access-groups.html).
Add the user. Navigate back to the Users list under Organization Settings and get the Service Key from the text box that appears when you hover over the API Only text in the list.