Unifize Knowledge Base
  • Quickstart
    • Welcome to Unifize!
  • Getting started
    • Setting up your Unifize account
      • Signing up with invite link
      • Logging in with email
    • Quickstart demo
    • Key features & navigation
      • Records
      • Conversations
      • Checklists
    • First steps for new users
      • Creating a new record
      • Creating records from inbound email
      • Filling checklist metadata
      • Linking related records
      • Sharing conversations as email
      • Sending and receiving emails in Unifize
      • Inviting people
      • Changing your preferred language
      • Filtering records in My Inbox
      • Generating PDF reports
      • Creating custom reports
      • Creating custom dashboards
    • Using Unifize AI
  • Troubleshooting & support guide
  • User Guide
    • Definitions
      • Process
      • Record
      • Conversation
      • Report
      • Chart
      • Checklist
      • Org
    • Navigating the platform
      • Profile
      • My Inbox
      • Manage
      • Homescreen
      • Contacts
      • Direct Messages
      • Dashboard
    • Data & process management
      • File Management
      • Checklists & Forms
      • Rich text in checklist
      • Working with records
        • Due dates & priorities of a record
    • User & role management
      • Understanding roles & access
      • Managing permissions
      • Deactivating users
      • Team & organization
    • Mobile & web accessibility
      • Unifize Lite
      • Mobile app
      • Web app vs Unifize Lite
    • Security, compliance & infrastructure
    • Personalizations
      • Set your profile picture
      • Reset your Passwords
      • Customizing Homescreen
      • Set your email notification preferences
    • File upload
      • SharePoint
        • Configuring SharePoint on Unifize
        • Using SharePoint on Unifize
    • SSO
      • Logging in with SSO
      • SSO using SAML
    • Process Builder
      • Checklist
        • Picklist
          • Picklist field in Checklist
  • Product Help
    • Unifize Document Management System (DMS)
      • Document Control
      • Change Control
      • Training Management
      • Onboarding guide for DMS
      • Troubleshooting & support guide for DMS
  • Admin Guide
    • Multi-language translation support
      • Enabling and configuring language support
      • Managing user language preferences at scale
      • Using the translation editor to customize UI
    • Customization & configuration
      • Configuring processes
      • Configuring revision fields
      • Configuring approval workflows
      • Configuring reminders on processes
      • Checklist layout settings
      • Custom language settings
      • Creating a chart from reports
      • Configuring Microsoft Office 365
        • Permissions required for SharePoint
  • Developer Documentation
    • Introduction
      • Concepts & terminologies
    • Authentication
      • App management
      • App tokens
    • Usage
      • Fair usage policy
      • Testing environment
      • Quickstart
    • API Reference
      • Applications
      • Processes
      • Records
      • Field values
  • RELEASE NOTES
    • February 2025
    • March 2025
    • April 2025
      • Rich Text Fields in Checklist
      • Filling Checklist Metadata with AI
      • 'My Conversations' is now 'My Inbox'
      • Feature Enhancements
Powered by GitBook
On this page
  • Creating an app
  • Crafting token request JWT
  • Requesting a token
Export as PDF
  1. Developer Documentation
  2. Authentication

App tokens

Learn about how app tokens work.

In the Unifize platform, token generation adheres to the two-legged OAuth2.0 protocol, which is particularly useful for applications needing to authenticate and authorize without direct user involvement.

Creating an app

The process kicks off with a developer creating an app within the Unifize environment. Upon successful creation, the developer is provided with two crucial pieces of information: an app id and a private key. These elements are fundamental to the token generation process, which forms the backbone of secure communication between the app and Unifize's APIs.

Crafting token request JWT

The next step involves constructing a JSON Web Token (JWT), which serves as the vehicle for requesting an access token. Within this JWT, three essential claims are defined.

  • The iss claim represents the app id, uniquely identifying the app making the request.

  • The iat claim specifies the issued-at timestamp, reflecting the current time in seconds based on Coordinated Universal Time (UTC).

  • The expclaim indicates the expiration of the token, set to the value of iat plus 600 seconds, establishing a 10-minute validity window.

The JWT must be signed using the RSA 256 algorithm, which relies on the app's private key. This cryptographic signature validates the authenticity of the request.

Requesting a token

Having constructed and signed the JWT, the application proceeds to the token request phase. This involves making a POST request to the /application/token endpoint, accompanied by an Authorization header populated with the value Bearer <JWT>. This header encapsulates the JWT, signaling to the server that the request is made on behalf of a trusted entity.

Upon successful validation, the server responds with an access token and its associated expiration timestamp. This access token acts as a digital key, enabling the application to perform authorized actions on the Unifize platform.

Consequently, the application can now interact with various APIs by including the Authorization header, formatted as Bearer <access_token>, to authenticate each request seamlessly.

PreviousApp managementNextUsage

Last updated 1 month ago