There is documented information on account usage but this document is designed to clarify a particular point:
There are two passwords associated to an App Synthetic Monitor (ASM) account, one for the web portal and one for the API.
Here are some details on when to use them.
This password is primarily used to login to the ASM web portal at http://asm.ca.com to view and administer your account data.
Both the web portal password and the API password can be managed in the Subscription > Change Password section of the portal
This password is used to access the API. if using your web portal password with the acct_login call in the API you will get an error like this;
A valid authentication will have a code 0 like this and you would be able to use the nkey value created from the acct_login operation to perform other API calls.
(The example token has already expired: they are only valid for 15 minutes but you can use the acct_token API call to create a permanent token)
The same API password is also used by the Cloud Monitor Agent that reports data to the APM Enterprise Manager.
The API password is also entered during installation of an on-premise monitoring station (OPMS).
As a final note on passwords, the API password can become locked if it is used incorrectly for a repeated amount of times.
For example. the CloudMonitorAgent would report an error like this:
CloudMonitorIntegration.CloudMonitorAgent] Problem while getting global Cloud Monitor data (lists of monitors and checkpoints): com.wily.apm.cloudmonitor.cmconnector.rest.RestConnectionProblem: Cloud Monitor query returned the following error: account locked, login on website to unlock authentication error
NOTE: The solution is to login to the web portal and logout again to unlock the API account.
The API password cannot be unlocked from the API itself.
This is the way that we can authenticate you. If the locking keeps on happening and you have verified the API password is correct for every location it is used, please contact CA Technical Support and we will be able to give you the IP address of the machine that is causing the API to be locked.