Client API Proxy
06 December, 2020

3 mins

Introducing Client API: Build your own app marketplace and partner portal

Introducing Client API: A new OpenChannel API that is aimed to dramatically reduce the time and cost required when building your own marketplace, partner portal or integrating aspects into your existing website or application. This is especially beneficial for teams using a JamStack approach with javascript front ends like React, Angular or Vue.

What is the Client API?

Our new OpenChannel Client API is a proxy that sits on top of our existing API and takes on the added responsibilities of authentication, authorization and data validation. In short, it’s designed to be the backend API for your React, Angular or Vue based marketplace or partner portal web application.

This means that you don’t need to create a server side application to communicate with the OpenChannel API. Instead, the new API also handles authentication and authorization of end users at the client side which allows your users to log in using your own SSO tokens or OpenChannel provided tokens. In addition, the new API makes it very easy to call the OpenChannel API from within your product in or website.

How does it work?

Unlike our traditional Market API our Client API is built to handle the context of the logged in user. Instead of authenticating with a general purpose API key, the OAuth access token obtained by the logged in user is passed to the Client API. Overall, there are two different authentication options:

Native: We want OpenChannel to manage registrations and accounts

If you want OpenChannel to manage user accounts, registration, signup, etc… then we do provide native login by default with no setup required. End users or developers will be able to register for an account and login naturally and we’ll handle everything on our side. In the backend we use an OpenId Connect identity provider and pass an access token to the front end client that can then be used to call the Client API.

External: We have our own SSO and want to use it

If you already have your own authentication service for user login (like Okta, Auth0, etc…) then all we need is a quick setup. After setting the Client API as a service provider (with a client id, secret, scopes, attribute mapping, etc…) users will be able to call the Client API endpoints directly from your front end using their access token.

In addition, this also works if your calling the Client API from within your website or product directly. Simply pass the user’s access token and call the API.

What’s the difference?

Besides the authentication method there is no much difference between the existing Market API and the new Client API. The responses are the same, the object model is the same, the request parameters are mostly the same. However, there are a few notable differences.

Some API endpoints are not available in the Client API. The excluded endpoints are for operations that a user shouldn’t have access to. For a full list of supported endpoints please see:

Also, endpoints with userId, userAccountId, developerId or developerAccountId as parameters ignore any value passed in and use the values that are in the access token. This ensures that an end users or developers cannot perform actions based on other users.

Lastly, some endpoints provide back end validation based on the ‘type’ when creating items like apps, reviews, ownerships, etc.. For example, if you’ve created an app type ‘downloadable’ that has a required field ‘fileUrl’ then when the call is made to create an app (POST /apps) the Client API will verify that the ‘file’ field is present and valid.

How can I get access to the beta?

To request access to the beta log into your dashboard and click the intercom chat link in the bottom right of the page.

You can paste the following message in the chat:

I would like access to the Client API beta

We’ll then work with you to enable and setup your Client API access. Note: This functionality is currently in beta and its API endpoints may be subject to change.

Related posts

Developer Communication Made Easy
Tools & Guides

Developer Communication Made Easy...

Communicating with developers both inside and outside your company can be hard (sorry, developers), so hard in fact you can...

What Is An App Marketplace?
Tools & Guides

What Is An App Marketplace?...

Table of ContentsWhat is an App Marketplace?What are the Parts of an App Marketplace?StorefrontDeveloper PortalAdministrator PortalExamples of App MarketplacesConsumer app...

Defining Your App Marketplace Requirements
Tools & Guides

Defining Your App Marketplace Requirements...

“Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” –...