Application
A Nexus211 application can:
1) interact with the Nexus211 API directly
example: a bot that syncs data from/to the Nexus211 API
2) provide OAuth login to act on behalf of users (in the same org)
example: an internal app that helps users perform certain tasks
3) utilize third-party authorization to act on a third-party org user's behalf and perform operations in their org
example: Caresuite
Scopes
Your application's scopes determine which endpoints it can use on the Nexus211 API.
Enable only the scopes that your app is actually going to use. You can update your application scopes at any time.
Access Isolation
An app created by one Nexus211 organization cannot access the data of another organization unless it is explicitly allowed to do so.
Currently, there are two ways to grant such access:
OAuth Flow (for personal interactions)
Third-party Authorization (for programmatic interactions)
If you wish to develop a general-purpose app for all Nexus211 organizations to use, it's paramount that you understand how multi-tenancy works in Nexus211 and how to authenticate correctly with the Nexus211 API.
Multi-Tenant Applications
Single-tenant means that one application is used solely by one organization. Multi-tenant means that one application developed by an organization can be used by many others.
OAuth is Multi-Tenant by Default
Nexus211 applications are single-tenant when first created. However, once you add OAuth sign-in capabilities to your app, it's possible for users from any organization to sign in to your app. You can change this default behavior by configuring your OAuth setup accordingly.
Third-party Authorization
If your app requires programmatic access to the Nexus211 API on behalf of another organization, third-party authorization is what you need. This is a scheme in which one of the admins of an organization grants your application access to their organization. To the organization granting this access you are a third party, hence the name "Third-party Authorization".
The app is provided a unique Client Secret (the Client ID stays the same) for each organization that has authorized it. The app can access these keys at any point by making a request to GET /keys. When the app wants to act on behalf of another org, it should authenticate with its own Client ID and the Client Secret issued for the organization in question.
As an organization granting access to third-party apps, you can view and revoke access on the Nexus211 ID Applications page, under the "Authorized Applications" tab.
💡 You cannot grant your own application third-party authorization.
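The per-organization secrets described above call for credential selection that fails closed. The following is an added example, not Nexus211's own code: the class and field names are hypothetical, and the `org_id` / `client_secret` shape of a GET /keys entry is an assumption, since the response format is not documented here.

```python
from dataclasses import dataclass, field


class NotAuthorized(Exception):
    """No third-party grant is cached for the requested organization."""


@dataclass
class TenantCredentials:
    client_id: str                              # same for every organization
    own_secret: str = field(repr=False)         # secret for the app's own org
    grants: dict = field(default_factory=dict, repr=False, init=False)

    def refresh(self, keys):
        """Replace cached grants with a fresh GET /keys result (assumed shape).

        Returns the org ids whose grant is gone (revoked by that org's admin).
        """
        fresh = {}
        for entry in keys:
            org, secret = entry.get("org_id"), entry.get("client_secret")
            if org and secret:                  # ignore malformed entries
                fresh[org] = secret
        revoked = set(self.grants) - set(fresh)
        self.grants = fresh                     # revoked secrets are dropped
        return revoked

    def for_org(self, org_id):
        """Return (client_id, secret) for a granting org, or fail closed."""
        secret = self.grants.get(org_id)
        if secret is None:
            # Never fall back to own_secret: that would act in the wrong tenant.
            raise NotAuthorized(f"no third-party grant for org {org_id!r}")
        return self.client_id, secret


# Constructed sample data, not real Nexus211 output.
SAMPLE_KEYS = [
    {"org_id": "org-b", "client_secret": "secret-for-b"},
    {"org_id": "org-c", "client_secret": "secret-for-c"},
]

if __name__ == "__main__":
    creds = TenantCredentials("app-123", "secret-for-own-org")
    creds.refresh(SAMPLE_KEYS)
    print(creds.for_org("org-b"))
    print(creds.refresh(SAMPLE_KEYS[1:]))       # org-b revoked its grant
    print(creds)                                # repr carries no secrets
```

Refreshing on a schedule, and again after any authentication failure, keeps a revoked grant from lingering in the cache.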

