Setup advice and best practice
Atomic can be set up and configured to suit your needs, from separating production and pre-production concerns, to managing workbench members and API credentials.
Where to manage your Atomic configuration
The Atomic Workbench is the primary interface for configuring and managing your Atomic account, but we also enable your team to manage many aspects of your Atomic setup directly via our Admin API.
| Configuration | Manageable in Workbench | Manageable via API |
|---|---|---|
| Author a new Card | Yes | Not recommended. Note: Card definition JSON schema, while open, is considered private, and may change at any time. Our current recommendation is therefore to author new cards in the Workbench. |
| Add/update Card and legacy event definitions | Yes | Not supported |
| Manage Workbench Members | Yes | Not supported |
| Manage Admin API creds/secrets | Yes | Not supported |
| Manage Environments | Yes | Not supported |
| Manage Customer API creds/secrets | Yes | Yes. Note: IP Restrictions are a planned upgrade to this capability. |
| Manage SNS platforms | Yes | Yes |
| Manage Webhooks | Yes | Yes |
| Manage Streams | Yes | Planned |
| Manage Stream Containers | Yes | Planned |
| Manage Client Keys | Yes | Planned |
| Manage Themes | Yes | Planned |
| Manage Connectors | Yes | Not supported |
Environment configuration and access
Atomic customers are typically given one Organization. Each organization contains multiple Environments. Each Environment within an organization is a separate space, with separate configuration.
At a minimum, you will want a Production environment, and you can optionally have one or more additional environments to match your internal setup, for example, your Development, and Test environments.
Workbench members with the 'Environment' resource can manage your organization’s environments within the workbench.
Add an environment
Click the 'manage' button in the bottom left corner > Environment > Add environment.
To switch environments in the Workbench, select the drop-down menu near the top left corner in the workbench, and select the Environment you want to switch to.
Switch environments by selecting the dropdown menu in the top left corner
Managing API credentials
All API credentials are environment-scoped, and each credential is further scoped to the required context. This means you will need to create at least one pair of API credentials for each environment you wish to programmatically access. You can create as few, or many, API credentials as suits your workflow.
API credentials are not associated to with specific workbench members.
Only workbench members with the 'API Authentication controls' resource can manage API credentials within the Workbench. The 'view' permission allows listing the available credentials, 'edit' is required to create or delete and to view credential secrets.
API credentials may only be managed programmatically by a credential pair with the role auth, and may only rotate credential pairs with non-auth roles. auth credential pairs must be rotated manually in the Atomic Workbench.
There are three API credential scopes:
| Role | Authorized to |
|---|---|
| Auth | Used only to create and rotate other credentials |
| Workbench | Used to manage workbench resources such as cards and SNS platforms |
| Events | Used to create cards, and manage customers |
Managing workbench user access
Any workbench member invited to an organization is given access within the Environments based on their role, which can be configured to suit your specific needs in Permissions.
By default a new Atomic organization comes with three groups (Owner, Admin, and Editor), each with default permission levels outlined in the Permissions for Default Roles table.
Tips & Tricks
We've moved these into a separate Tips and tricks page.