Unifize Knowledge Base
  • Quickstart
    • Navigation
    • Introduction to Unifize
  • Getting Started
    • Setting up your Unifize Account
      • Signing up with invite link
      • Logging in with email
    • Key Features & Navigation
      • Records
      • Conversations
      • Checklists
    • First Steps for New Users
      • Creating a new record
      • Filling checklist metadata
      • Linking related records
      • Customizing Homescreen
      • Sharing conversations as email
      • Creating records from inbound email
      • Changing your preferred language
  • Troubleshooting & Support Guide
  • Platform Help
    • Definitions
      • Process
      • Record
      • Conversation
      • Report
      • Chart
      • Checklist
    • Navigating the Platform
      • Profile
      • My Inbox
      • Manage
    • Data & Process Management
      • Checklists & Forms
    • User & Role Management
    • Mobile & Web Accessibility
    • Security, Compliance & Infrastructure
  • Product Help
    • What is a Product
  • Release Notes
    • Q1 2025 Release Notes
  • Configure & Admin
    • Multi-Language Translation Support
      • Enabling and Configuring Language Support
      • Managing User Language Preferences at Scale
      • Using the Translation Editor to customize UI
    • Customization & Configuration
      • Custom Language Settings
      • Checklist Layout Settings
  • Developer Documentation
    • Introduction
      • Concepts & Terminologies
    • Authentication
      • App Management
      • App Tokens
    • Usage
      • Fair Usage Policy
      • Testing Environment
      • Quickstart
    • API Reference
      • Applications
      • Processes
      • Records
      • Field Values
Powered by GitBook
On this page
  • Creating an app
  • Crafting token request JWT
  • Requesting a token
  1. Developer Documentation
  2. Authentication

App Tokens

Learn about how app tokens work.

In the Unifize platform, token generation adheres to the two-legged OAuth2.0 protocol, which is particularly useful for applications needing to authenticate and authorize without direct user involvement.

Creating an app

The process kicks off with a developer creating an app within the Unifize environment. Upon successful creation, the developer is provided with two crucial pieces of information: an app id and a private key. These elements are fundamental to the token generation process, which forms the backbone of secure communication between the app and Unifize's APIs.

Crafting token request JWT

The next step involves constructing a JSON Web Token (JWT), which serves as the vehicle for requesting an access token. Within this JWT, three essential claims are defined.

  • The iss claim represents the app id, uniquely identifying the app making the request.

  • The iat claim specifies the issued-at timestamp, reflecting the current time in seconds based on Coordinated Universal Time (UTC).

  • The expclaim indicates the expiration of the token, set to the value of iat plus 600 seconds, establishing a 10-minute validity window.

The JWT must be signed using the RSA 256 algorithm, which relies on the app's private key. This cryptographic signature validates the authenticity of the request.

Requesting a token

Having constructed and signed the JWT, the application proceeds to the token request phase. This involves making a POST request to the /application/token endpoint, accompanied by an Authorization header populated with the value Bearer <JWT>. This header encapsulates the JWT, signaling to the server that the request is made on behalf of a trusted entity.

Upon successful validation, the server responds with an access token and its associated expiration timestamp. This access token acts as a digital key, enabling the application to perform authorized actions on the Unifize platform.

Consequently, the application can now interact with various APIs by including the Authorization header, formatted as Bearer <access_token>, to authenticate each request seamlessly.

PreviousApp ManagementNextUsage

Last updated 8 days ago