Leveraging Service Apps for Secure and Scalable API Calls: A Guide for Admins and DevelopersDecember 21, 2023
Today, we are going to explore Webex Service Apps, particularly how they simplify authorizing org-level integrations for admins while making token consumption for making API calls secure and scalable for developers.
For example, if you're an admin and you have an automated process internally, or if you're allowing a 3rd party developer to write an app that performs admin tasks for your organization, service apps can be incredibly useful by turning an admin-authorized integration into a virtual admin, limited by scopes selected in the developer registration process, to do tasks like automate provisioning, generate reports, and create meetings for an entire org. Furthermore, if an authorizing user leaves the company or changes their passwords, the Service App will continue to function, ensuring a smoother workflow. Any full admin can go into the control hub and disable or enable an available service app.
Developers get most of the same tools that a Webex integration would provide when registered to start building out the OAuth 2.0 flow. The part that makes Service Apps beneficial for developers is that they can request admin authorization in the developer portal. This request makes the app available to admins in the Control Hub. Once the admin authorizes the application, the developer gains quick access to an access token and a refresh token without having to redirect users from their integration to the Webex ID broker, simplifying the authorization process. All the developer needs to do is use the refresh token according to the integration documentation to maintain a valid set of access and refresh tokens. Please see this sample code for implementation.
Service apps provide an additional bonus for developers who are automating the migration of on-prem legacy voice solutions to the cloud-based Webex Calling solution. If a developer is requiring a customer to spin up integrations as part of the onboarding process due to each user of the software needing a unique redirect URL for the traditional OAuth flow, these developers can bypass the need for multiple redirects and have customers grant their app access to tokens in a secure and scalable fashion.
Need Some Help? We Got You Covered!
We are excited to provide you with support for these features. If you need help, the Webex Developer Support Team is standing by and happy to assist. You can also start or join a conversation on the Webex for Developers Community Forum.