Table of Contents
What is the Client API?
Our new OpenChannel Client API is a proxy that sits on top of our existing API and takes on the added responsibilities of authentication, authorization and data validation. In short, it’s designed to be the backend API for your React, Angular or Vue based marketplace or partner portal web application.
This means that you don’t need to create a server side application to communicate with the OpenChannel API. Instead, the new API also handles authentication and authorization of end users at the client side which allows your users to log in using your own SSO tokens or OpenChannel provided tokens. In addition, the new API makes it very easy to call the OpenChannel API from within your product in or website.
How does it work?
Unlike our traditional Market API our Client API is built to handle the context of the logged in user. Instead of authenticating with a general purpose API key, the OAuth access token obtained by the logged in user is passed to the Client API. Overall, there are two different authentication options:
Native: We want OpenChannel to manage registrations and accounts
If you want OpenChannel to manage user accounts, registration, signup, etc… then we do provide native login by default with no setup required. End users or developers will be able to register for an account and login naturally and we’ll handle everything on our side. In the backend we use an OpenId Connect identity provider and pass an access token to the front end client that can then be used to call the Client API.
External: We have our own SSO and want to use it
If you already have your own authentication service for user login (like Okta, Auth0, etc…) then all we need is a quick setup. After setting the Client API as a service provider (with a client id, secret, scopes, attribute mapping, etc…) users will be able to call the Client API endpoints directly from your front end using their access token.
In addition, this also works if your calling the Client API from within your website or product directly. Simply pass the user’s access token and call the API.
What’s the difference?
Besides the authentication method there is no much difference between the existing Market API and the new Client API. The responses are the same, the object model is the same, the request parameters are mostly the same. However, there are a few notable differences.
Some API endpoints are not available in the Client API. The excluded endpoints are for operations that a user shouldn’t have access to. For a full list of supported endpoints please see: https://support.openchannel.io/guides/client-api-setup/
Also, endpoints with userId, userAccountId, developerId or developerAccountId as parameters ignore any value passed in and use the values that are in the access token. This ensures that an end users or developers cannot perform actions based on other users.
Lastly, some endpoints provide back end validation based on the ‘type’ when creating items like apps, reviews, ownerships, etc.. For example, if you’ve created an app type ‘downloadable’ that has a required field ‘fileUrl’ then when the call is made to create an app (POST /apps) the Client API will verify that the ‘file’ field is present and valid.
How can I get access to the beta?
To request access to the beta log into your my.openchannel.io dashboard and click the intercom chat link in the bottom right of the page.
You can paste the following message in the chat:
I would like access to the Client API beta
We’ll then work with you to enable and setup your Client API access. Note: This functionality is currently in beta and its API endpoints may be subject to change.