OAuth implementation in apps

Apps use the Freshservice REST APIs to access Freshservice data (resources). API authentication is a process that verifies the identity of app users who want to access the Freshservice data. API authentication ensures that only authorized users have access to the data.

We offer the following API authentication mechanisms to access Freshservice resources:

  • Basic access authentication. For information on this, see API Authentication using API keys.
  • OAuth authorization and access token authentication. This section explains how your apps can use OAuth authorization.

Through OAuth authorization, the apps access the resources securely, without collecting or exposing sensitive credentials from the app user. Freshworks enables you to implement OAuth authorization flows in Freshworks apps, Custom apps, and External apps.

Important:OAuth implementation is supported on all categories of apps: front-end, serverless, and SMI apps.

  • Freshworks apps are built using the FDK and published to the Freshworks Marketplace. Custom apps are built using the FDK and are private to an organization. External apps are non-Freshworks apps, built using third-party SDKs (or other provisions) and published to third-party Marketplaces.
  • In this document, any app (Freshworks, Custom, or External) that uses OAuth flow is called an OAuth app.

The OAuth authorization and authentication flow, on successful implementation,

  • Enables app users to authorize the app to act on their behalf to access Freshservice data.
  • Enables the app to request user's authorization and place a request for an access token.
  • Enables the app to obtain the access token and place authenticated REST API calls.