Tip of the day

Support tickets can be submitted directly from application

SECRETS

Estimated reading: 2 minutes 51 views

A secret facilitates an Bearer token authentication method (i.e. OAuth2) that is consumed in builtin web-hooks and with application connectors such as Salesforce.

While Secrets for application connectors are created automatically, secrets for Web-hooks are required to be created manually. This is a guide for manually creating and testing your secret integration.

OAuth2 Conventions

With Cellosign Secrets are managed in two standard conventions that are slightly defer in implementation.

  • Username/password [General username and password]
  • Client ID/Client secret [Microsoft Graph Rest API]

General username and password

ParameterValue
TypeSelect General – username and password
urlInsert URL to post token request
Grant typeEnter the grant type
Scopeinsert scope values
User nameInsert username
PasswordInsert password

Request example

With the example above this is how the request from Cellosign looks like

{
	"username": "Myusername",
	"password": "Mypassword",
	"grant_type": "password",
	"scope": "('read,write',)"
}

Expected response

Cellosign expects at least two parameters in response:

{
	"expires_in": 300,
	"access_token": "BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"
}
  • “access_token” that will be used in web hook request header for Authorization
  • “expires_in” is a lapse time, in seconds, that the access token can be used before it is expired

Microsoft Graph Rest API

ParameterValue
TypeSelect Microsoft Graph REST API v1.0
urlInsert URL to post token request
Grant typeEnter the grant type
Scopeinsert scope values
client_idInsert client id
client_secretInsert secret

Request example

{
	"client_id": "8e17edb9-0f05-46cc-8741-a937e351e631",
	"client_secret": "Mysecret",
	"scope": "read,write",
	"grant_type": "password"
}

Expected response

Cellosign expects at least two parameters in response:

{
	"expires_in": 300,
	"access_token": "BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"
}
  • “access_token” that will be used in web hook request header for Authorization
  • “expires_in” is a lapse time, in seconds, that the access token can be used before it is expired

Notes and gotchas

  1. Note the difference in SCOPE parameter value between the two methods.
  2. Cellosign will use token until the time of expiration provided for token request. When token is expired, Cellosign will initiate a request for a new token.

Leave a Comment

Share this Doc

SECRETS

Or copy link

CONTENTS