Introduced in 2022.1
Application accounts, or just applications, provide a security context for third-party applications integrated with Alloy Navigator via the API. This article describes how to create and manage application accounts for your external applications.
API access tokens obtained using application accounts grant external applications full unrestricted access to all Alloy Navigator objects and workflow actions, regardless of their availability limited by security roles.
To authenticate an external application against the API, it must provide valid credentials—an application ID and a secret. Those application credentials are issued by Alloy Navigator when you create an application account.
To create an application:
Admin Center, go to Users & Security > Accounts and Roles > Applications and click New. The Application dialog box opens.
Enter an application name to the Application Name field. Alloy Navigator will use that name to personalize actions that the third-party application will perform in Alloy Navigator via the API.
Note that the credentials, Application ID and Secret, are generated automatically.
Application ID - an "application login," an identifier that the application uses when requesting an access token.
Secret - an "application password," a secret string that the application uses to prove its identity when requesting an access token.
Copy and save the Application ID and the Secret for later use.
Click OK to save your application.
Now you can use these application credentials to obtain an access token and allow the application to access Alloy Navigator. For details, see API User's Guide: Authenticating Applications.
A secret must be known only to the external application and the authorization server. It protects your Alloy Navigator resources by granting access tokens only to authorized applications.
If an application secret is ever compromised, you should generate a new one, and update all authorized application instances with the new secret. Besides that, it is a good practice to change the application secret from time to time.
To generate a new secret:
Under Users & Security > Accounts and Roles > Applications, double-click your application. The Application dialog box opens.
Click Generate New Secret. Copy and save the new secret for later use.
- Click OK to save your changes.
Now you can update configuration of your external applications to use the new secret. For details, see API User's Guide: Authenticating Applications.
IMPORTANT: Generating a new secret makes all application instances to be unable to connect to Alloy Navigator until they are updated with the new secret.
When you need to temporarily deny access to Alloy Navigator for an external application, you can disable its application account in Alloy Navigator. Later, you can enable it.
To disable or enable an application account:
Under Users & Security > Accounts and Roles > Applications, click the application to bring up the Application dialog box, and then click the Make Inactive or Make Active button there.