Private Integrations enable robust, customized linkages between Progreda and third-party applications, allowing for tailored functionality.
Benefits of Private Integrations
Simplicity: Easily generate and manage tokens from your account settings.
Security: Restrict developer access to specific areas of your account.
Private Integrations vs. API Keys Private Integrations offer a secure, advanced alternative to API Keys, featuring:
Enhanced Security: Limited access for developers.
Modern Technology: Access to the latest API version (v2.0), supporting more features like webhooks.
What differentiates Private Integrations from OAuth2 Access Tokens?
Private Integrations are essentially static, fixed versions of OAuth2 Access Tokens.
How can I use Private Integrations?
Private Integration tokens are utilized in the Authorization header, similar to other Access Tokens. For instance, you can use the GET Contact request with the Private Integration Token in the Authorization header.
Creating and Managing Private Integrations
Default permissions allow all account admins to create Private Integrations. Permission adjustments can be made in the account settings under Roles & Permissions.
Private Integrations can be found and managed in the 'Other Settings' section of the account settings.
Creating a Private Integration
1- Initiate a new integration.
2- Name and describe the integration for clarity and management.
3- Select necessary permissions and generate a token to share with developers.
Please ensure that you are sharing the token with trusted parties only. Do not share it publicly.
Note: Don't forget to copy the token generated as you won't be able to do it again later.
Security Tips for Managing Integration Tokens
Regularly rotate tokens every 90 days to maintain security.
Actions include rotating tokens, canceling rotations, or expiring tokens early.
Note: Don't forget to copy the token generated as you won't be able to do it again later.
Responding to a Compromised Token
1- Navigate to Private Integrations under settings, and click on the Private Integration you have created.
2- Immediately rotate the token.
3- Update the token in the third-party application.
Note: Don't forget to copy the token generated as you won't be able to do it again later.
Modifying Integration Permissions
You can change the name, description, and permissions without generating a new token.
If required, update the scopes/permissions that you want the private integration to have access to on your account. Ensure that you are selecting only the required scopes for better data security. Click on "Update" to save the updates made.
Note: Updating the Private Integration details does not generate a new token. The existing token will continue to work.
Deleting a Private Integration
Remove an integration when it's no longer needed through the settings menu.
FAQs
What is a Private Integration?
A Private Integration allows you to securely connect Progreda to third-party applications via APIs, offering more control over access and functionality.
How are Private Integrations different from API Keys?
Private Integrations provide a more secure and feature-rich alternative to API Keys, with controlled access and support for newer API versions and webhooks.
Who can create Private Integrations?
By default, all account admins can create and manage Private Integrations, but permissions can be adjusted at the user level in account settings.
Where can I find Private Integrations?
Private Integrations can be managed under the 'Other Settings' section in your account settings. Ensure the feature is enabled in Labs if it's not visible.
How do I create a Private Integration?
To create a Private Integration, navigate to settings, select 'Create New Integration,' name it, define permissions, and generate a token to share with trusted developers.
How can I ensure my Private Integration token is secure?
Rotate your tokens every 90 days to ensure continued security. You can also expire old tokens immediately once new ones are in place.
What should I do if my Private Integration token is compromised?
Immediately rotate the token by following the steps in the settings to prevent unauthorized access. Update the token in any third-party applications using it.
Can I edit the permissions of a Private Integration without changing the token?
Yes, you can update the name, description, and permissions of a Private Integration without generating a new token.
How do I delete a Private Integration?
If no longer needed, you can delete a Private Integration by selecting 'Delete' from the settings menu for the specific integration.
How often should I rotate my Private Integration token?
It’s recommended to rotate your tokens every 90 days to maintain security and prevent unauthorized access.