Connecting external applications with Kayako can carry some risk. Using OAuth can greatly reduce that risk by granting applications access to Kayako via a secure token, so you never have to share your normal Kayako credentials with external systems.
There are two pieces to managing OAuth access for an app:
- Registering the app in Kayako’s admin area
- Managing app authorizations for particular users
In this article we’ll go over the steps for each part of the process.
The first step is to grant OAuth access to the application from Kayako’s admin area.
NOTE: To register a new app for OAuth access, you will need an administrator account with the ‘Manage apps and integrations’ permission.
To register a new app for OAuth access:
- Sign in to the admin area.
- Click on API in the sidebar, and click the OAuth apps heading.
- You’ll see a list of any apps you’ve already registered here. Click the New OAuth App button.
- Enter the Name of the app, as well as a link or written description to give your users some context or background on the application.
- In the Logo field, upload a 100x100 pixel logo image that Kayako can use for any activities that happen via the app.
- From the Scopes dropdown, select whether you’d like the app to have access to all of your Kayako data, or just a particular subset of it.
- In the Callback URL field, enter the URL in the application that users should be taken back to, after they’ve authenticated the app.
NOTE: If you don’t have this information handy, you might have to reach out to the developers of the app.
- Click the Save button to generate the access tokens for your app.
- On the next screen you’ll find the OAuth credentials you’ll need to add to your app. Make a local copy of the Consumer Key and Consumer Secret.
- When you have the credentials saved, click the Done button to finish registering the app.
Now that your app is registered with Kayako, you’ll be able to use OAuth to access it. In the app, wherever you need to supply authentication credentials, use the key and secret you just saved and the app will be able to establish a secure connection to Kayako.
Once an app has been registered for OAuth access, individual agents will be able to authorize the app to access Kayako via their account. The app itself will prompt users to authorize its use the first time they try to use the app. Once they’ve authorized an app, they can manage its access from their user profile in the agent area.
NOTE: To authorize an app to access Kayako, you will need an agent or administrator account.
To manage app authorizations:
- Sign in to the agent area.
- Click on your picture in the upper right and click Profile.
- Click the down arrow to the right of the New Conversation button, and select Manage app access.
- Here, you’ll see a list of any apps you’ve authorized to use your account. Click the Revoke button next to any app to revoke its access to Kayako.
- A confirmation window will pop up. Click the Revoke button to confirm.
- Click the X button to close the app access window.
For any app whose access you’ve revoked, you will be prompted to reauthorize it the next time you use that app with Kayako.