App Authentication (Cert)

Released in 1.47.
Authenticates an OBO app using the SSL client certificate presented by the TLS layer and returns an application session token that can is used with OBO user authentication.

To call this endpoint, you must provide a certificate where the common name on the certificate matches the appId of an application that has been enabled on the target pod. This certificate must also be trusted by the target pod.



Symphony prevents bots from calling this endpoint when the following conditions are true:

  • An application and a bot have the same name.
  • The application specifies a valid certificate in its manifest file.
  • The application is enabled and not marked for deletion. For more information about enabling and deleting applications, see the Symphony Administration Guide.


Get Started with OBO

On Behalf Of (OBO) is a pattern that enables developers to perform operations on behalf of a Symphony end-user. For more information, refer to OBO Authentication.