Security and authentication

Our services

We currently offer these main integration points:

  • B2B REST API, which can be used to perform various administrative operations on all your customers
  • Authentication API and GraphQL interface, which can be used to build customer-facing experiences
  • Communications API (webhooks), which you will build based on our specification and which can be used to receive notifications about various events on the Shaype platform

Note

The main difference between the B2B REST API and the GraphQL interface (with the related Authentication API) is that:

  • the B2B REST API can be used to perform actions across your whole business and customer base,
  • the GraphQL interface is always accessed in the context of a logged-in end user (a customer).

The latter is where the Authentication API comes into play, allowing your customers to log in and acquire a security context for their interactions with their account(s) on the Shaype platform.

These differences have a major impact on how these integration points will be accessed.

Authentication options

The way you authenticate against Shaype web services depends on the service you want to communicate with. The table below shows the available options.

| API | Description |
|---|---|
| B2B REST API | Currently, you will receive a long-living token that can be passed as Authentication: Bearer HTTP header. This is enough to gain access and execute APIs. |
| GraphQL interface with Authentication API using Shaype authentication | We provide user login functionality based on magic links sent via email, access tokens, and security context elevation (via one-time passwords) for some of the calls. |
| GraphQL interface with Authentication API using external authentication | You provide user login functionality using your own or a 3rd party service (e.g. Auth0), and we provide a token exchange feature that you can use to fetch access tokens for the Shaype platform. |
| Communications API (webhooks) with a long-living token | You generate and provide us with a long-living Bearer token that we can use to call your webhooks. |
| Communications API (webhooks) with OAuth2 authentication | You provide us with access tokens that can be fetched using an OAuth2 client secret or refresh token. We will use them to call your webhooks. |

Subpages will describe each of the options in detail.
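
For the "Communications API (webhooks) with a long-living token" option, the token is generated and checked on your side. The sketch below is an added example, not Shaype code: it generates a high-entropy token, stores only its SHA-256 digest, and checks incoming webhook calls in constant time. The function names are hypothetical, and it assumes the token arrives as a standard Authorization: Bearer <token> header; check the webhook specification for the exact header.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def generate_webhook_token() -> Tuple[str, str]:
    """Return (token, sha256_hex).

    The token is what you hand over to the caller of your webhooks;
    only the digest needs to be kept on the receiving service.
    """
    token = secrets.token_urlsafe(32)  # 32 random bytes = 256 bits
    return token, hashlib.sha256(token.encode()).hexdigest()


def extract_bearer(header_value: Optional[str]) -> Optional[str]:
    """Parse 'Bearer <token>' strictly; return None for anything malformed."""
    if not header_value:
        return None
    parts = header_value.split(" ")
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1]:
        return None
    return parts[1]


def is_authorized(header_value: Optional[str],
                  accepted_digests: Iterable[str]) -> bool:
    """True if the presented token hashes to one of the accepted digests.

    Accepting more than one digest lets you rotate a long-living token
    (old and new valid side by side) without dropping notifications.
    """
    token = extract_bearer(header_value)
    if token is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    ok = False
    for digest in accepted_digests:
        # compare_digest avoids leaking the match position through timing;
        # every digest is checked so the loop does not exit early.
        ok |= hmac.compare_digest(presented, digest)
    return ok
```

Reject the request with HTTP 401 when is_authorized returns False, and keep the raw token out of application logs.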