There are two distinct types of applications used for authorizing access to a data source;
Ready-to-go Openbridge app
A customer-created app (Bring Your Own App)
Openbridge Apps
An Openbridge app reflects an application we established at the upstream data source. Typically this involved the application's creation, configuration, management, and monitoring. Part of that process also includes verification and certification, which often will grant an Openbridge app;
Increased throughput (i.e., increasing the volume of API calls)
Expanded access (i.e., access to more API endpoints)
Restricted access (i.e., access to API resources that require certification or approvals)
For example, the Openbridge Selling Partner App for SP-API was authorized to collect PII data after a rigorous review and certification process with Amazon. Customers may prefer to leverage the Openbridge SP-API app rather than undertake a similar process with Amazon.
Openbridge invests significant time and energy in working through official developer programs established by Amazon, Facebook, Google, Stripe, etc. Companies require developers that participate in programs to undertake rigorous audits, reviews, and compliance monitoring to be approved as a user of their systems.
However, there are cases where customer-created apps are needed. We cover those below.
Customer Apps (Bring Your Own App)
Data sources (and data destinations) can have varying approvals, outputs, or limits. As a result, many platforms encourage users to develop internal or private apps for their own accounts. For instance, some data sources restrict the number of API calls allowed for all apps. YouTube serves as an example, as it limits the number of API calls that can be made. In such scenarios, YouTube encourages the creation of apps tailored to individual channel owners rather than developing a broader public app that supports hundreds or thousands of YouTube customers.
Another reason for supporting customer-provided apps is that, like Openbridge, customers may have already invested in building an app for a particular data source. As a result, they want to continue to leverage those investments.
Openbridge supports customers using their own applications. For example, a customer can create a private Shopify partner app specific to a merchant. Openbridge will leverage the customer's Shopify app when making data requests.
Two types of "Bring Your Own App"
There are two types of Bring Your Own Apps;
Configured
Embedded
Configured Apps
Configured apps are used in services like Airbridge and Airbyte. Configured apps require a user to setup, gain approvals, and authorization upstream at the data source.
For example, LinkedIn details how to establish apps, applying for access approval, and the limits for an app once approved. These processes can sometimes take a few minutes to a few days to complete.
Here is an example of applying for access to the LinkedIn API:
Configured App Example
As the name implies, a configured app requires a "config". Each connector will have its own set of authentication methods and configurable parameters. That means different sources and destinations will have different requirements for connecting and authorizing.
In our example below, LinkedIn requires the following in the config file;
{
"credentials": "optional_value",
"client_id": "required_value",
"client_secret": "required_value",
"refresh_token": "required_value",
"access_token": "required_value",
"start_date": "required_value",
"account_ids": "optional_value",
"ad_analytics_reports": "optional_value"
}
LinkedIn defines what is required to connect to it's system which is then reflected in the corresponding connector. You can find out more details about using open source in the LinkedIn connector docs.
Always reference the connectors provided setup guide for specific instructions for defining a configuration and filling out each field.
Embedded Apps
Embedded apps are similar to configured apps but with a slight twist. As detailed before, a customer can create a private Shopify partner app specific to a merchant. The Shopify app is a self-serve, automated workflow that Openbridge can support natively.
Activating Your Embedded App
Openbridge only supports OAuth-based embedded apps that allow third-party authentication.
While the specifics may vary from app to app, most Oauth-based applications require a client or app ID and a client or app secret. The ID and secret codes will be required for Openbridge to connect to your app. Also, Oauth apps will require a redirect URI, OAuth Redirect URI, or Callback URL. A Callback URL is where the app will respond with the appropriate access token.
App URL:
https://app.openbridge.com/identity/<productId>/<productId>?stage=credentials
The <productId> will be supplied to you in the specific connector configuration screen
Redirect/Callback URL:
https://oauth.api.openbridge.io/oauth/callback
You must make sure that you enter the Openbridge URL. Without the Openbridge Callback URL registered in your app, we cannot authenticate your app and receive an access token properly.
Most apps restrict access to verified domains. Your app may require Openbridge domains must be associated with the app, including the homepage URL, terms of service URL, and privacy policy URL.
Homepage/Domain:
openbridge.comTerms:
https://www.openbridge.com/terms/Privacy:
https://www.openbridge.com/privacy
Customers are responsible for their app's ongoing management, monitoring, and operations.
Notes:
Copy the client's secret when presented, as it may appear only once.
Ensure there is no added space to the end of the ID or Secret. This may cause the credentials to fail if there are any extra spaces included during a "copy and paste".
Most apps will not accept IP Addresses, and Openbridge does not support them either.
The callback URL will be HTTPS; do not type HTTP.
References