Developers
APIs and SDKs
General
Rate Limits
Rate Limits Overview
Current Rate Limits
Errors
API Errors
Gateway Errors
Authorization
API Authorization
Auth API Overview
API Routes
Signing API requests
User Authorization
OAuth Integration
OAuth scopes & resources
Using UPS Tokens
API Resources
Security
Security Overview
Authorization flows
Integration scenarios
Regions and Endpoints
Tracking
Tracking overview
Events
Content sources
Cookies and Data Collection
Reporting
Reporting API Overview
API Routes
API Definitions
API Change Log
NL Interpreter
NL Interpreter Overview
NL Interpreter API
API Setup
API Routes
API Definitions
API Change Log
Chatbot
Chatbot Overview
Chatbot API
API Setup
API Routes
API Definitions
API Tracking Guidelines
External Chat Tracking
API Answer types
API Direct answers
Webhooks
API Change log
Editor API
Editor API Setup
Webhook upon saving
Editor API Routes
Editor API Definitions
Editor API Change Log
Chatbot JS SDK
SDK Setup
SDK Configuration
SDK Customization
SDK Adapters
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Language Detection overview
Unexpected Languages
Knowledge
Knowledge Overview
Knowledge API
API Setup
API Routes
API Definitions
API Tracking Guidelines
API Change log
Editor API
Editor API Setup
Webhook upon saving
Editor API Routes
Editor API Definitions
Editor API Change log
Knowledge JS SDK
SDK Setup
SDK Configuration
SDK Customization
SDK Builder
SDK HTML Example
SDK Components
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Integration Options
Unexpected languages
Tracking across languages
Search
Search Overview
Search API
API Setup
API Routes
API Definitions
API Tracking Guidelines
API Change log
Search JS SDK
SDK Setup
SDK Configuration
SDK Builder
SDK Components
SDK Filter Components
SDK Search Store
SDK JS-Client
SDK Styles
SDK Subresource Integrity
SDK Change log
Language Detection
Integration Options
Tracking across languages
Benti
Benti Overview
Benti API
API Setup
API Routes
API Definitions
Webhooks
Using IQL
Case history actions
API Change log
Benti JS SDK
SDK JS-Client
SDK Subresource integrity
SDK Change log
HyperChat API
API Setup
API Routes
API Definitions
Webhooks Overview
Webhook Events
API Change log
HyperChat JS SDK
SDK JS-Client
HyperChat adapter
SDK Subresource Integrity
SDK Change log
API Resources Security Integration scenarios

Integration scenarios

The purpose of this page is to help you better understand when to use each Authorization flow, and how the SDKs fit in them. The following scenarios and their possible use cases are listed from the most secure to the least secure.

Full server side integration

In this scenario, the entire integration with the Inbenta API lives exclusively in a server side environment. This scenario is developed entirely from scratch and uses the Secret flow for authorization.

This is, by far, the most secure scenario.

The authorization and user process goes like this:

  1. A user wants to access the integration
  2. The server requests a new or refreshed access_token if needed.
  3. The Auth API will return a valid access_token for the server to store.
  4. The server uses the access_token to send requests to other Inbenta API.
  5. The requested API returns a response (e.g. a list of found contents).
  6. The server returns the request (optionally filtered or modified) to the browser. The browser shows it to the end user.

Use cases

Private data with different access levels

Inbenta strongly recommends that you use this scenario when the integration is contained behind a login screen, and some of the data that the API can return is private with different levels of access.

“Hiding” the API use in the server allows you to control who can access your content, set what kind of content they can access, and prevent data leaks. 

Higher Access Control Policies

You should consider this scenario if you need to apply restriction to how your users access the data (such as a VPN, geolocalization restriction, etc.). When you proxy the Inbenta APIs behind the server, it gives you the flexibility to apply any specific restrictions you may need.

Case Management API

This is the only scenario applicable for the Case Management API, because it literally is a “private data with different access levels” scenario as described above.

SDK Integration

As there is no API consumption from the browser, it does not make sense to integrate the SDKs in this scenario.

Mixed use: server side authorization + client side use 

In this scenario, the authorization process happens server side, but the APIs are consumed client side (preferably using the SDK). Only use the Secret flow authorization for the authorization process when you use this scenario.

This is a less secure approach than the previous scenario, but it is far more secure that using only the domain key.

The authorization and user process goes like this:

  1. A user enters the integration. A javascript command sends a request for an access_token to the server (because the SDK does not do that for you).
  2. The server requests a new or refreshed access_token if needed.
  3. The Auth API will return a valid access_token for the server to store.
  4. The server returns the access_token to the javascript. The JS builds the SDK.
  5. The SDK sends a request to Inbenta APIs
  6. The requested API returns the data. The SDK shows the data to the user.

Use cases

Private data with good access control

You can implement this scenario when your data is private but without different levels of access, as it provides good security and allows the use of the SDK. 

Having a large list of domains we want to restrict

If you plan to use domain keys, but the number of domains exceeds the allowed limits, you could implement this scenario and control which ones of your domains may be authorized through the server against the Inbenta Auth API.

SDK Integration

To apply this scenario, build the SDK with the createFromAccessToken method and use the access_token that the server provides. For more information, see the SDK setup page of your product.

Full client side integration

In this scenario, both the authorization and the consumption of the APIs are done in the browser client (preferably using the SDK). This means you can delegate the entire process to the SDKs. This makes it the easiest way to integrate Inbenta.

Because the SDK uses the domain key authorization flow, it is also the least secure of the three scenarios presented here.

The authorization and user process goes like this:

  1. The SDK sends a request to the Auth API with the domain key to obtain a new or refreshed access_token.
  2. The Auth API will return a valid access_token for the SDK to store in the browser.
  3. With a valid access_token, the SDK performs requests to a specific Inbenta API.
  4. The requested API returns the data. The SDK shows the data to the user.

Use cases

Private data with a good logged environment

This scenario may fit your needs if your data is private but the integration is contained behind a login screen with a good security level. Remember that this delegates the real security to your own environment.

Public data

When all your API instance data is considered public, you may use the domain key flow and the client side integration scenario. This is the fastest way you can integrate Inbenta.

SDK integration

To apply this scenario, build the SDK with the buildWithDomainCredentials method and use the domain key directly. For more information, see the SDK setup page of your product.