Authentications represent third party service auths that power the tray connectors.
If you were building an integration between Salesforce and Slack, you would need authentications for both Salesforce and Slack.
What's a Service Environment?
A Tray connector essentially exposes underlying third party APIs (ex. a Salesforce connector has a corresponding Salesforce service in Tray).
A Service environment can be treated as an instance of that service within Tray aginst which authentcations are created.
Hence, a Tray Authentication is created against a serviceEnvironment.
By default, every service has a default service environment called 'Production'.
For an OAuth service, an authentication created with default 'Production' service environment uses Tray's OAuth app. If you use your own OAuth app for creating the authentication, it would create another service environment.
We recommend using your own custom OAuth apps to whitelabel the auth dialog that's presented to the end users.
Enables creation of user authentications in Tray.
This endpoint is for the import of existing authentications.
If you need your End Users to create new auths from scratch, you should use the Auth-only dialog
The key authentication data is passed in the credentials
and userData
fields.
The steps involved in creating an authentication are:
Obtain a user token
Use Get connectors to get the 'Service' name
and version
(not the 'Connector' name and version)
Pass the Service name
and version
to Get service
environments to retrieve
serviceEnvironmentId
plus userData
and credentials
input schema requirements
Create authentication with this endpoint with the user token as bearer and passing the necessary serviceEnvironmentId
userData
and credentials
Authorization | string This must be a user token in order to link the auth to the correct end user. Example: Bearer 3fd74d349xxxxxxxxxxxxxxxxxxxxxxxxd90df521 |
name required | string Name for the auth which identifies End User, service, test, dev etc. |
serviceEnvironmentId required | string Obtained using the Get service environments endpoint |
object Data regarding base url, company id, table id etc. | |
object Auth data (token, secret etc.) required to complete the auth | |
scopes | Array of strings unique Example: |
onPremAgentGroupId | string <uuid> |
OK - Returns the authentication id required by the Call connector endpoint
Note that Tray only checks input schema and does not currently validate auths so e.g. an invalid API key may still return a successful result
Invalid input - Use Get service environments to check the correct schema
Unauthorized - Verify the token validity
Forbidden
Not found - Use Get service environments to check the serviceEnvironmentId
Limit exceeded
Internal error
{- "name": "Example authentication",
- "serviceEnvironmentId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174",
- "userData": {
- "region": "us"
}, - "credentials": {
- "token": "example_token"
}, - "scopes": [
- "read",
- "write"
], - "onPremAgentGroupId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174"
}
{- "id": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174"
}
Retrieves metadata associated with a user authentication by its ID.
Returns auth id
serviceEnvironmentId
name
and scopes
.
Does not return sensitive data, such as tokens.
Authorization | string This can either be a your master token or the user token of the end user who owns the auth. Example: Bearer 3fd74d349xxxxxxxxxxxxxxxxxxxxxxxxd90df521 |
OK - Returns authentication details
id required | string <uuid> Unique id of the authentication - required by the Call connector endpoint |
name required | string Name for the auth which identifies End User, service, test, dev etc. |
serviceEnvironmentId required | string Identifies the service and environment the auth is for (e.g. Tray Slack OAuth app or your own Custom Slack OAuth app) |
scopes | Array of strings unique The permission scopes which describe the level of access this auth has to the service |
onPremAgentGroupId | string <uuid> |
Invalid input
Unauthorized - Verify the token validity
Forbidden
Not found - No auth with matching id has been found or user does not have access
Limit exceeded
Internal error
{- "id": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174",
- "name": "Example authentication",
- "serviceEnvironmentId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174",
- "scopes": [
- "read",
- "write"
], - "onPremAgentGroupId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174"
}
Update a user authentication stored in Tray using it's authenticaionId
.
This endpoint doesn't support partial updates i.e. all fields in the request body are mandatory.
Authorization | string This can either be a your master token or the user token of the end user who owns the auth. Example: Bearer 3fd74d349xxxxxxxxxxxxxxxxxxxxxxxxd90df521 |
name required | string Name of the auth in Tray (e.g. |
object Data regarding base url, company id, table id etc. | |
required | object Auth data (token, secret etc.) required to complete the auth |
scopes | Array of strings unique Example: |
onPremAgentGroupId | string <uuid> |
Invalid Input
Unauthorized
Forbidden
Not Found
Limit Exceeded
Internal Error
{- "name": "Example authentication",
- "userData": {
- "region": "us"
}, - "credentials": {
- "token": "example_token"
}, - "scopes": [
- "read",
- "write"
], - "onPremAgentGroupId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174"
}
{- "id": "123exxxx-xxxx-xxxx-xxxx-xxxxxx614174",
- "name": "Example authentication",
- "serviceEnvironmentId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174",
- "scopes": [
- "read",
- "write"
], - "onPremAgentGroupId": "123e4567-aaaa-aaaa-aaaa-aaaaaa614174"
}
Allows deletion of authentications using the authentication's id.
Authorization | string This can either be a your master token or the user token of the end user who owns the auth. Example: Bearer 3fd74d349xxxxxxxxxxxxxxxxxxxxxxxxd90df521 |
No content - The authentication was deleted successfully
Invalid input
Unauthorized - Verify the token validity
Forbidden
Not found - No auth with matching id has been found or user does not have access to delete
Limit exceeded
Internal error
Gets all service environments for a given service name and version.
This endpoint is primarily used for retrieving the Service Environment id
of your custom OAuth apps which you have deployed for whitelabelling purposes.
The service name and version must first of all be retrieved using Get connectors and then passed as query parameters in the above endpoint url.
The following is an example response from Mailchimp.
{
"elements": [
{
"id": "42f51xxx-xxx-xxx-xxx-xxx0299c52",
"title": "Production",
"authenticationType": "oauth2",
"userDataSchema": {},
"credentialsSchema": {},
"scopes": []
},
{
"id": "c34exxx-xxx-xxx-xxx-xxxc97520e5",
"title": "mailchimp acme oauth",
"authenticationType": "oauth2",
"userDataSchema": {},
"credentialsSchema": {},
"scopes": []
}
]
}
The 'Production' environment is Tray's default environment which you use when creating a normal auth with Mailchimp in Tray.
The 'mailchimp acme oauth' environment is a custom OAuth app environment. The id
userDataSchema
and credentialsSchema
from this are used to create the inputs for Create user authentication
The id
is also required to build the auth-only dialog url to enabe End Users to create auths from scratch:
service-name required | |
service-version required | integer <int32> Version of the service as obtained from Get connectors Example: 2 |
Authorization | string You can either pass your master token here or user token of an end user. Example: Bearer 3fd74d349xxxxxxxxxxxxxxxxxxxxxxxxd90df521 |
OK - Returns an elements
array which contains the input schema for Create user authentication
Array of objects (PublicServiceEnvironment) |
Invalid input
Unauthorized - Verify the token validity
Forbidden
Not found - Service name or version not found or user does not have access
Limit exceeded
Internal error
{- "elements": [
- {
- "id": "228axxxx-xxxx-xxxx-xxxx-xxxxxxa244c1",
- "title": "Production",
- "authenticationType": "oauth2",
- "userDataSchema": {
- "advanced": [ ],
- "additionalProperties": false,
- "type": "object",
- "properties": {
- "signing_secret": {
- "format": "password",
- "description": "Used in the slack trigger version 5.0 and later to verify slash commands",
- "type": "string",
- "title": "Slash command signing secret"
}
}
}, - "credentialsSchema": { },
- "scopes": [
- {
- "scope": "calls:read",
- "description": "Allow apps to access information about ongoing and past Calls"
}, - {
- "scope": "channels:history",
- "description": "Access user’s public channels"
}, - {
- "scope": "channels:read",
- "description": "Access information about user’s public channels"
}, - {
- "scope": "channels:write",
- "description": "Modify your public channels"
}, - {
- "scope": "chat:write:bot",
- "description": "Send messages as tray.io"
}
]
}
]
}