Best Practices for Integrating Multiple PowerOffice Clients in Appfarm

Hi,

We’re working on integrating our SaaS solution with PowerOffice for multiple firms. Each firm within our platform has its own PowerOffice client, and they need to be able to upload files to the appropriate PowerOffice account for each firm. To achieve this, each firm must use its own unique AppKey and ClientKey to retrieve an Access Token for authentication when making API calls (e.g., POSTing files).

We’ve successfully implemented this for a single PowerOffice client following the approach outlined here: Appfarm - Get Token. However, we’re unsure of the best way to extend this to multiple firms and PowerOffice clients.

Key Questions:

  1. Best Practice for Multi-Tenant Integration: What’s the recommended approach to handle authentication for multiple firms, each with its own AppKey and ClientKey, within Appfarm?
  2. Credential Management: Should we store the AppKeys, ClientKeys, and Access Tokens for each firm in the database, or is there a better way to handle this? Is it possible to generate and store these credentials securely as secrets for each firm automatically in Appfarm?

Any advice or best practices for securely managing these keys and integrating with multiple PowerOffice clients would be greatly appreciated!

Hi!

You can solve this by doing the following:

  1. Create a separate object class holding the AppKey, ClientKey and Access Token; I will refer to it as secretOC.
  2. Set up the object class permissions to only allow a service account access to the secretOC, so that it can only be interacted with through a service. No other custom roles should have access to this object class.
  3. If the customer has to be able to create/read/update/delete its own keys, the secretOC needs to have a reference to the customer, and you would need to use conditional permissions to make sure that customers only have access to their own keys.
  4. Call the service endpoint to get the access token. This service cannot take in params that identify the user or organization it is acting on behalf of, so use “run service as”. Finally, store the access token in the secretOC.

Hope this helps, get in touch with your Appfarm representative if you need to discuss further implementation details, or need to set up conditional permissions.
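The pattern in the answer above (a secrets object class that only a service account may touch, conditional permissions so a customer can manage only its own keys, and a token refresh that runs as the service account and writes the result back) can be modelled outside Appfarm. The following is an added illustration, not Appfarm code and not part of the original thread: an in-memory `SecretStore` with a `Principal` type standing in for the service account and customer roles, and an injected `fetch_token` callable standing in for the Get Token service. The class and function names, the constructed firm IDs and keys, and the fake token fetcher are all assumptions made for the example; the real PowerOffice token call is not reproduced here.

```python
"""Per-tenant credential store with tenant-scoped access and service-only token refresh.

Added example modelling the secretOC pattern from the answer above. Names, roles
and the fake token fetcher are constructed for illustration; nothing here is
Appfarm's or PowerOffice's own API.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


class PermissionDenied(Exception):
    """Raised when a principal touches a tenant record it is not allowed to see."""


@dataclass
class Principal:
    """Who is acting: the service account, or a customer user bound to one tenant."""
    role: str                        # "service" or "customer"
    tenant_id: Optional[str] = None  # only meaningful for customers


@dataclass
class TenantSecrets:
    """One secretOC record: per-tenant API keys plus the cached access token."""
    tenant_id: str
    app_key: str
    client_key: str
    access_token: Optional[str] = None
    token_expires_at: float = 0.0    # epoch seconds; 0 means "no valid token"


# Signature of the injected token fetcher: (app_key, client_key) -> (token, expires_in_seconds)
TokenFetcher = Callable[[str, str], Tuple[str, int]]


class SecretStore:
    """Holds TenantSecrets and enforces the two permission rules from the answer:
    - the service account may read/write every record (it runs the token service);
    - a customer may read/write only the record that references its own tenant.
    """

    def __init__(self) -> None:
        self._records: Dict[str, TenantSecrets] = {}

    def _authorize(self, who: Principal, tenant_id: str) -> None:
        if who.role == "service":
            return  # service account: unconditional access to secretOC
        if who.role == "customer" and who.tenant_id == tenant_id:
            return  # conditional permission: record.tenant == acting customer's tenant
        raise PermissionDenied(f"{who.role}:{who.tenant_id} may not access tenant {tenant_id}")

    def set_keys(self, who: Principal, tenant_id: str, app_key: str, client_key: str) -> None:
        """Customer (or service) stores its own AppKey/ClientKey; any cached token is dropped."""
        self._authorize(who, tenant_id)
        self._records[tenant_id] = TenantSecrets(tenant_id, app_key, client_key)

    def get_keys(self, who: Principal, tenant_id: str) -> Tuple[str, str]:
        """Read a tenant's AppKey/ClientKey, subject to the same tenant check."""
        self._authorize(who, tenant_id)
        rec = self._records[tenant_id]
        return rec.app_key, rec.client_key

    def get_access_token(self, who: Principal, tenant_id: str,
                         fetch_token: TokenFetcher, now: float,
                         skew: float = 60.0) -> str:
        """Return a valid token for the tenant, refreshing through the service if needed.

        Only the service account may call this; customers never see raw tokens.
        `skew` refreshes slightly early so a token is not used at the moment it expires.
        """
        if who.role != "service":
            raise PermissionDenied("token retrieval must run as the service account")
        rec = self._records[tenant_id]
        if rec.access_token and now + skew < rec.token_expires_at:
            return rec.access_token                      # cached and still valid
        token, expires_in = fetch_token(rec.app_key, rec.client_key)
        rec.access_token = token                         # store back into secretOC
        rec.token_expires_at = now + expires_in
        return token


def make_fake_fetcher(calls: list) -> TokenFetcher:
    """Constructed stand-in for the Get Token service; records each call for inspection."""
    def fetch(app_key: str, client_key: str) -> Tuple[str, int]:
        calls.append((app_key, client_key))
        return f"tok-{app_key}", 3600                   # constructed token, 1 h lifetime
    return fetch


if __name__ == "__main__":
    store = SecretStore()
    firm_a, firm_b = Principal("customer", "firmA"), Principal("customer", "firmB")
    store.set_keys(firm_a, "firmA", "appkey-A", "clientkey-A")   # constructed values
    try:
        store.get_keys(firm_b, "firmA")                           # cross-tenant read
    except PermissionDenied as exc:
        print("denied as expected:", exc)
    calls: list = []
    svc = Principal("service")
    print(store.get_access_token(svc, "firmA", make_fake_fetcher(calls), now=1000.0))
```

The two rules worth copying into a real Appfarm setup are visible in `_authorize` and `get_access_token`: the tenant condition is evaluated on every read and write of the record, and token acquisition is gated on the service role rather than on parameters supplied by the caller, which is what “run service as” gives you.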

Hi,

Thanks for the reply. We have started to look into this, but it seems like conditional permissions aren’t turned on for our solutions. Can you please look into this? 🙂