Securing Client Web Applications

Learn how to configure and manage API keys

Client Web Applications and Directscale establish secure communication through the use of separate API keys or one-time use tokens.

Authorizing HTTP Requests To A Client Web Application


Authorizing APIs

Directscale sends HTTP requests with an API Key in the Authorization header using the bearer token schema.

ex. -H 'Authorization: Bearer Vnowkdownv30sn3!nfko9^fj'

Learn how to Configure the API Key that is sent to a Client Web Application.

👍

Using the C# Client Library?

Read Authorizing Client Web Application APIs to see how the library makes Authorizing Client Web Application APIs easy.


Authorizing Pages

External Pages can be authorized using the "pageToken" sent in the query string when a page is requested.

📘

Learn more about the information sent in the query string by reading How External Pages Work.

A page token can be validated using the Extension Validate Token API. If the token is valid the API will return a 200 OK response with the username, in the JSON Body, of the user that requested the page.

👍

Using the C# Client Library?

Learn how using the [ExtensionAuthorize] Attribute with controllers does this to Authorize Client Web Applications

Example


How Directscale Authorizes HTTP Requests


Client Web Applications interact with the Extension API. Learn more by reading Authentication & Authorization

Learn how to Generate an API Key used to authorize HTTP requests to the Extension API

👍

Using the C# Client Library?

Learn how the library makes Calling the Extension API easy.


Accessing The Page


📘

Admin: Corporate Admin
Page: Tools > Developer Tools > Extension Settings
URL: {client_ID}.corpadmin.directscale.com/Corporate/Admin/Extension/Settings
Permission: ViewAdministration()

🚧

Having troubles accessing the page?

Your user may need the ViewAdministration() permission enabled for your Role by your Corporate Administrator.

Still can't see the page? Contact Customer Care and they check that your Client Extension is enabled and configured on our side properly


Did this page help you?