Integrating Experiences
Before building your Application Experience, it is important to define how you want that experience to integrate into the Cinchy platform. Cinchy offers two forms of app authorization that you can use to integrate with:
- Personal Access Tokens
- OAuth (Resource Owner Password or Implicit Flows)
OAuth is generally recommended so that your app functions within the context of Cinchy for all users accessing it.
Personal Access Tokens
Personal Access Tokens are created in the Settings menu of a specific user, and all associated access controls are applied and honoured when calling the token. A single user can have up to 5 active PATs at once, and they have a maximum expiry date of 1 year.
You can find details on how to create PATs by reviewing the documentation here.
Note that the Cinchy SDK Silent Refresh capability is not available if using a PAT. Token refresh will need to be managed by the app builder instead.
Using a Personal Access Token
PATs can be used within APIs by prefixing the token with Bearer and passing it through the Header.
| Name | Data Type | Description |
|---|---|---|
| Authorization | string | Bearer <personal_access_token> |
OAuth
Bearer Tokens cen be created with the [Cinchy].[Integrated Clients] table. This token is issued by the Cinchy SSO using the OAuth 2.0 Resource Owner Password or Implicit Flow and can be retrieved for any Cinchy User Account or SSO Account. API calls made using a bearer token will run under the privileges of the authenticated user, and are driven by the configured data level access controls.
You can find details on creating a Bearer Token by reviewing the documentation here
Using a Bearer Token
Bearer Tokens can be used within API Headers using the following method:
| Name | Data Type | Description |
|---|---|---|
| Authorization | string | Bearer <bearer_token> |
