Learn about how app tokens work.
In the Unifize platform, token generation follows the two-legged OAuth 2.0 protocol, which is particularly useful for applications that need to authenticate and authorize without direct user involvement.
The process kicks off with a developer creating an app within the Unifize environment. Upon successful creation, the developer is provided with two crucial pieces of information: an app id and a private key. These elements are fundamental to the token generation process, which forms the backbone of secure communication between the app and Unifize's APIs.
The next step involves constructing a JSON Web Token (JWT), which serves as the vehicle for requesting an access token. Within this JWT, three essential claims are defined.
The iss claim represents the app id, uniquely identifying the app making the request.
The iat claim specifies the issued-at timestamp, reflecting the current time in seconds based on Coordinated Universal Time (UTC).
The exp claim indicates the expiration of the token, set to the value of iat plus 600 seconds, establishing a 10-minute validity window.
The JWT must be signed using the RSA 256 algorithm, which relies on the app's private key. This cryptographic signature validates the authenticity of the request.
Having constructed and signed the JWT, the application proceeds to the token request phase. This involves making a POST request to the /application/token endpoint, accompanied by an Authorization header populated with the value Bearer <JWT>. This header encapsulates the JWT, signaling to the server that the request is made on behalf of a trusted entity.
Upon successful validation, the server responds with an access token and its associated expiration timestamp. This access token acts as a digital key, enabling the application to perform authorized actions on the Unifize platform.
Consequently, the application can now interact with various APIs by including the Authorization header, formatted as Bearer <access_token>, to authenticate each request seamlessly.
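The token request flow described above, as an added Node.js example (not Unifize's own code). It takes "RSA 256" to mean the JWT algorithm RS256; the function names, the baseUrl parameter and the local self-check are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64url = (text) => JSON.parse(Buffer.from(text, 'base64url').toString('utf8'));
const utcSeconds = () => Math.floor(Date.now() / 1000);

// Build the request JWT: iss = app id, iat = now (UTC seconds), exp = iat + 600.
function buildAppJwt(appId, privateKeyPem, now = utcSeconds()) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const claims = b64url(JSON.stringify({ iss: appId, iat: now, exp: now + 600 }));
  // RS256 is RSASSA-PKCS1-v1_5 with SHA-256, Node's default padding for RSA keys.
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${claims}`), privateKeyPem);
  return `${header}.${claims}.${signature.toString('base64url')}`;
}

// Local self-check before sending (not Unifize's server logic): returns the
// claims if the signature and the 10-minute window hold, otherwise null.
function checkAppJwt(jwt, publicKeyPem, now = utcSeconds()) {
  const [header, claims, signature, ...extra] = jwt.split('.');
  if (!signature || extra.length > 0) return null;
  if (fromB64url(header).alg !== 'RS256') return null; // pin the algorithm
  const signed = Buffer.from(`${header}.${claims}`);
  if (!crypto.verify('sha256', signed, publicKeyPem, Buffer.from(signature, 'base64url'))) {
    return null;
  }
  const parsed = fromB64url(claims);
  const inWindow = parsed.exp === parsed.iat + 600 && now >= parsed.iat && now < parsed.exp;
  return inWindow ? parsed : null;
}

// Exchange the signed JWT for an access token. baseUrl is a placeholder; the
// response field names are not given on the page, so the JSON body is returned as is.
async function requestAccessToken(baseUrl, appId, privateKeyPem) {
  const response = await fetch(`${baseUrl}/application/token`, {
    method: 'POST',
    headers: { Authorization: `Bearer ${buildAppJwt(appId, privateKeyPem)}` },
  });
  if (!response.ok) throw new Error(`token request failed: HTTP ${response.status}`);
  return response.json();
}
```

Load the private key from a secret store or environment variable at runtime rather than embedding it in source, and keep the JWT and the returned access token out of logs.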
Learn about apps and bot users.
Unifize apps are vital components for securely engaging with Unifize APIs, providing a structured way to perform programmatic actions through the use of specially designated bot users. Each app is intrinsically linked with a bot user, which means that any API requests made through the app's authentication process are executed on behalf of this user, maintaining clear accountability and operational integrity throughout the Unifize environment.
After an app is created, developers are provided with a set of authentication credentials, which include an App ID and an RSA private key (which must be stored securely). Alongside these credentials, developers can define specific permissions for their apps, allowing for precise control over what operations the app can perform. This permission setting is crucial for security, as it ensures the app conducts only those tasks for which it is explicitly permitted, thereby minimizing risks.
Additionally, while the current system doesn't allow developers direct control over customizing the bot user's display name and profile picture, this will be exposed in the future, and until then it can be done by contacting the Unifize team.
At this stage, the ability to create apps lies solely with the Unifize team, and developers who wish to integrate need to initiate a request by contacting us via email.
Securely connect to the Unifize API.
Before integrating with Unifize, your app must be authenticated. This section explains how to manage apps, generate tokens, and securely authorize API calls—ensuring the right access levels for the right systems.
Every Unifize integration starts with authentication. Use this section to set up apps, generate tokens, and ensure your API usage is both secure and scoped.
Create and manage applications that can authenticate with the Unifize API.
Generate and manage secure access tokens to authorize API requests.