:PROPERTIES:
:ID:       b073b659-19e2-4402-b3ef-087ee67aa201
:END:
#+Title: Full Integration Development Doc
#+Author: Yann Esposito
#+Date: [2023-07-17]

- tags :: 
- source ::

* Full Integration Development Doc

*Full Integration with XDR:*
Your UI is hosted on the same URL as XDR.

Steps:

1. Check which URL/APIs your integration will use (check the scope in Swagger UI)
2. Create a client with these scopes (Authorization Code Grant)
3. Test your integration with this client:
     - With normal clients: use =/iroh/oauth2/authorize= to retrieve a refresh token.
     - With trusted clients (you must ask the IROH team to bless it)
       Retrieve a refresh token from any account of your own IROH org
       by using =/iroh/ouauth2/cumstom= endpoints using your own session token.
4. Once the tests are conclusive:
   - create a new client per IROH environment (INT, TEST, PROD NAM, PROD EU,
     PROD APJC)
   - Ask the IROH (XDR-backend) team to bless these new clients as "trusted" and
    change their availability to =everyone=.

*Optionally*, improve the security of your API by asking to add an audience to
your client.