OpenID

Applications of the type "OpenID" are the most basic type of applications, mainly used for authorization processes.
Once an app is authorized for a user (business), it can generate an access token that will be used as an API token, scoped to the specific business that was authorized.

You can also use this kind of app for securing your internal API token, thus if you want to allow 3rd party developers to develop on your behalf, you may create an OpenID app instead of sharing your internal API token and risking security.

Steps for creating an OpenID application:

Step 1. API token

Make sure you have your directory API token.

Step 2. Create an app

This is the barebone info needed for creating an app of type OpenID:

curl --request POST \
     --url https://api.vcita.biz/platform/v1/apps \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer {YOUR_TOKEN}' \
     --header 'Content-Type: application/json' \
     --data '
{
     "name": "My app",
     "redirect_uri": "https://some-redirect-uri.com",
     "trusted": "true"
}
'

Response:

{
  "data": {
    "app_code_name": "myapp",
    "app_id": "u5435fdh57d",
    "client_id": "e0faca0a2bca52368adfd0ac6035c7a596fbcdaa1390c7fa9af83f230f29",
    "client_secret": "4095d7bf3f7ec355be4ab32b7320bb4e4b3e1097ddae83cce05b479",
    "name": "My first app"
  },
  "status": "OK"
}

📘

redirect_uri

Following the OAuth2 protocol specifications, you'll need to configure an endpoint on your end that the user will be redirected to once the OAuth handshake is completed.
More information can be found in the [OAuth guide](Following the OAuth2 protocol specifications, you'll need to configure an endpoint on your end that the user will be redirected to once the OAuth handshake is completed.
More information can be found in the OAuth guide.).

Step 3. Storing the client_id and client_secret

Store the app_code_name, client_id, and client_secret on your DB for future use.
There will be no way of retrieving the client_id and client_secret later on.

*note: the app_code_name is created based on the app name.
In cases where there's an already existing app with the same name, a post-fix string will be added to the app_code_name.

Step 4. Usage

Now that you have created an app and received the client id and client secret, you can use those for completing an OAuth flow, as described here.


Did this page help you?