Integration App Token Authentication

Integration App Token authentication uses integration.app's built-in token system for authentication.
This is typically used for internal connectors or services that are aware of Integration App.

Integration App Token authentication is useful for:

• Services that are specifically designed to work with integration.app
• Testing and development scenarios

Configuration

In your spec.yml:

auth:
  type: integration-app-token

With this authentication method, integration.app will add an X-Integration-App-Token header to all requests to your API. It will contain a JSON Web Token signed by the Workspace Secret. The token will contain the following claims:

• iss - Issuer, will be the key of the workspace integration runs in.
• sub - Subject, will be the ID of the user who owns the integration being run.
• fields - Fields of the user who owns the integration being run.

You can decode and verify the token to authenticate the request.

Here's an example of how to verify the token:

import jwt from 'jsonwebtoken'

const token = headers['x-integration-app-token']
const workspaceSecret = process.env.WORKSPACE_SECRET

// Verify token
const decoded = jwt.verify(token, workspaceSecret)
// decoded will contain: { iss, sub, fields }