OpenID

OpenID applications are the most basic type of application, mainly used for authorization.
Once an app is authorized for a user (business), it can generate an access token that will be used as an API token, scoped to the specific business that was authorized.

You can also use this app type to protect your internal API token: if you want to allow third-party developers to develop on your behalf, create an OpenID app instead of sharing your internal API token and putting it at risk.

Here's a step-by-step process for creating an OpenID application:

Step 1: API token

Make sure you have your directory API token.

Step 2: Create an app

This is the minimum information needed to create an app of type OpenID:

curl --request POST \
     --url https://api.vcita.biz/platform/v1/apps \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer {YOUR_TOKEN}' \
     --header 'Content-Type: application/json' \
     --data '
{
     "name": "My app",
     "redirect_uri": "https://some-redirect-uri.com",
     "trusted": "true"
}
'

Response:

{
  "data": {
    "app_code_name": "myapp",
    "app_id": "u5435fdh57d",
    "client_id": "e0faca0a2bca52368adfd0ac6035c7a596fbcdaa1390c7fa9af83f230f29",
    "client_secret": "4095d7bf3f7ec355be4ab32b7320bb4e4b3e1097ddae83cce05b479",
    "name": "My first app"
  },
  "status": "OK"
}

redirect_uri

Following the OAuth2 protocol specifications, you'll need to configure an endpoint on your end that the user will be redirected to once the OAuth handshake is completed.

More information can be found in the OAuth guide.

Step 3: Storing the client_id and client_secret

Store the app_code_name, client_id, and client_secret in your database for future use.
There is no way to retrieve the client_id and client_secret later on.

Note: the app_code_name is created based on the app name.
If an app with the same code name already exists, a suffix string is appended to the app_code_name.
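
One way to handle the Step 2 response when storing the credentials, as an added example that is not vcita's own code: it validates the response, writes the three values once to an owner-only file, and produces a redacted copy for logging. The function names, the JSON file standing in for your database or secret store, and the sample values are assumptions.

```python
import json
import os

REQUIRED = ("app_code_name", "client_id", "client_secret")

def extract_credentials(response_body: str) -> dict:
    """Parse the create-app response and return the three fields to persist."""
    doc = json.loads(response_body)
    if doc.get("status") != "OK":
        raise ValueError("app creation did not return status OK")
    data = doc.get("data") or {}
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        raise ValueError("response is missing: " + ", ".join(missing))
    return {k: data[k] for k in REQUIRED}

def redact(creds: dict) -> dict:
    """Copy that is safe to log: the secret is cut to its last 4 characters."""
    safe = dict(creds)
    safe["client_secret"] = "***" + creds["client_secret"][-4:]
    return safe

def save_credentials(creds: dict, path: str) -> None:
    """Write once, readable by the owner only. O_EXCL refuses to overwrite an
    existing record, because a lost client_secret cannot be retrieved again."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(creds, fh)
        fh.flush()
        os.fsync(fh.fileno())

# Constructed sample shaped like the response above (placeholder values).
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "app_code_name": "myapp",
        "app_id": "example-app-id",
        "client_id": "example-client-id",
        "client_secret": "example-client-secret-0000",
        "name": "My app",
    },
    "status": "OK",
})

if __name__ == "__main__":
    import tempfile
    creds = extract_credentials(SAMPLE_RESPONSE)
    target = os.path.join(tempfile.mkdtemp(), "vcita_app.json")
    save_credentials(creds, target)
    print("stored", redact(creds), "at", target)
```

Log only the output of redact(), never the raw response body, since the body contains the client_secret in clear text.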

Step 4: Usage

Now that you have created an app and received the client id and client secret, you can use those for completing an OAuth flow, as described here.