Tray Embedded / Connectivity APIs / Authentication
Before creating authentications to call connectors with, it is necessary to create the users that will own these authentications.
Each of these users can own multiple authentications and will have their own Tray personal workspace.
Tray does not have strict limits on the creation of users.
A one-to-one mapping between your system’s users and Tray users is the recommended approach.
Tray features are designed assuming this is the case.
The following table shows how all aspects of user management are dealt with:
|Feature||How it works||Notes||API used|
|User creation||via Embedded API||should be the users in your company that are part of the system being integrated with Tray||Create User API|
|Auth ownership||a user can own multiple authentications||otherwise solutions with more than one authentication will not be able to be executed||Create User Auth - but normally created via auth-only dialog (see below)|
|Permission model||based on workspaces||can have an impact on embedded solutions that use workspace objects such as authentications or connectors||n/a|
|Auth management||systems can read or delete all a user's auths with a single API call||could be triggered after a user is removed from the system||Get User Auths and Delete User Auth|
The simplest way to integrate Tray users would be to add a field to the entities that represent the concept of a user in the system’s model.
It could also be modelled as an “add on” feature without changing the system’s domain by:
adding the mapping as a new concept that would link a local user with a tray user
these user mappings can then be created as part of the creation of the authentication:
if the user mapping doesn’t exist create it
otherwise reuse the one that already exists
Of course these are just suggestions that may or may not apply depending on your internal user model
Obtain a master token
To use the authentication and call connector APIs you will need to obtain a master token.
Details of how to create a master token can be found here
Step 1 - create a user and user token
Step 2 - collect authentications
Once the auth flow is completed a message will be sent to the window that opened the pop-up containing a UUID
This UUID is the authId and will be used when the connector call is made so that Tray can access the users credentials: