Authorize third-party applications to make API calls

Orange Logic can integrate with a variety of third-party applications, giving users a seamless workflow across products. However, there might be times when, instead of a full integration, you want to give a third-party application temporary access to Orange Logic so that it can make changes via the API on behalf of a user.

Here’s how it works:

  1. You or an Orange Logic administrator creates an account for the third-party application and configures the account for OAuth 2.0 authentication.
  2. You authorize the third-party application by running the authorization call.
  3. You create authentication tokens for the third-party application with an authentication call.
  4. When a user working in the third-party application activates the integration:
    1. The third-party application contacts Orange Logic using the authentication tokens you created.
    2. Orange Logic prompts the user to log in.
    3. Orange Logic prompts the user to authorize the third-party application.
    4. Orange Logic sends the user’s access token to the third-party application.
  5. With the user’s access token, the application calls Orange Logic APIs on behalf of the authenticated user.
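
Step 4 seen from the third-party application's side, as an added example rather than Orange Logic's own code. It assumes a standard OAuth 2.0 authorization-code flow with a `state` parameter (RFC 6749); the endpoint URL, client ID and redirect URI are placeholders, because this page does not list them.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values: the page does not give Orange Logic's endpoint paths.
AUTHORIZE_URL = "https://orangelogic.example.invalid/oauth2/authorize"
CLIENT_ID = "third-party-app-client-id"                 # placeholder
REDIRECT_URI = "https://app.example.invalid/callback"   # placeholder


def build_authorization_request(session: dict) -> str:
    """Step 4.1: send the user to the login and consent prompts."""
    state = secrets.token_urlsafe(32)    # unguessable, one per attempt
    session["oauth_state"] = state       # bound to this browser session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Step 4.4: accept the redirect only if it answers our own request."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: replays fail
    returned = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or foreign state is rejected.
    if expected is None or not hmac.compare_digest(
            expected.encode(), returned.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    if "error" in params:                # user declined or server refused
        raise PermissionError(params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    # Assumption: the code is then exchanged server-side for the access token.
    return codes[0]
```
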

Notes

  • When authorizing third-party applications, the user can log in to Orange Logic as usual, via SSO or with a username and password.
  • OAuth 2.0 is deactivated by default. To activate this feature, Orange Logic administrators can submit a support request. After the feature is activated, you can complete the steps below.

Set up Orange Logic to allow users to authorize third-party application access:

  1. Create an account for the third-party application.
  2. Authorize the third-party application by running the authorization call.
  3. Create authentication and refresh tokens with an authentication call.

Security Functions for working with third-party application accounts

Users who run APIs to work with third-party application accounts need the OAuth Client Applications Security Function.

In addition, the following Security Functions control what information a user can retrieve from an application account:

  • OAuth Client Application accounts
  • OAuth Client Application account events
  • OAuth Client Application account collections
  • OAuth Client Application account searches