Get Started with OBO
OBO or On-Behalf-Of authentication allows an extension application to be able to call REST API endpoints to perform operations on behalf of an application end-user.
Such operations include:
- List the streams of a given user
- Initiate connection requests to and determine connection status with other users
- Get the presence state of other connected users
- Initiate IMs and MIMs with other users
- Send messages and attachments
- Set the context user's own presence
More information on OBO
For more information, please refer to OBO Authentication.
API endpoints enabled for OBO
The following table describes which of our REST API endpoints are OBO-enabled, and for each the application permission that must be granted to the app.
| OBO-enabled endpoint | Permission | Endpoint documentation |
|---|---|---|
| "GET", "/pod/v1/connection/list" | GET_USER_CONNECTIONS | List Connections |
| "GET", "/pod/v1/admin/system/protocols/list" | SEND_MESSAGES | Deprecated documentation. For more information, refer to: List Protocols v2 |
| "GET", "/pod/v1/connection/user/{userId}/info" | GET_USER_CONNECTIONS | Get Connection |
| "GET", "/pod/v1/files/allowedTypes" | SEND_MESSAGES | Attachment Types |
| "GET", "/pod/v1/presence/feed/{feedId}/read" | GET_PRESENCE | Read Presence Feed |
| "GET", "/pod/v1/sessioninfo" | GET_BASIC_USER_INFO | Deprecated documentation. For more information, refer to: Session User v2 |
| "GET", "/pod/v1/streams/{streamId}/info" | SEND_MESSAGES | Deprecated documentation. For more information, refer to: Stream Info v2 |
| "GET", "/pod/v1/user" | GET_BASIC_CONTACT_INFO | Deprecated documentation. For more information, refer to: Users Lookup v3 |
| "GET", "/pod/v1/user/presence" | GET_PRESENCE | Deprecated documentation. For more information, refer to: Get Presence |
| "GET", "/pod/v1/user/{userId}/presence" | GET_PRESENCE | Deprecated documentation. For more information, refer to: Get User Presence |
| "GET", "/pod/v2/sessioninfo" | GET_BASIC_USER_INFO | Session User v2 |
| "GET", "/pod/v2/user" | GET_BASIC_CONTACT_INFO SEND_MESSAGES | Deprecated documentation. For more information, refer to: Users Lookup v3 |
| "GET", "/pod/v2/user/presence" | GET_PRESENCE | Get Presence |
| "GET", "/pod/v2/user/{userId}/presence" | GET_PRESENCE | Deprecated documentation. For more information, refer to: Get User Presence |
| "GET", "/pod/v3/room/{roomId}/info" | MANAGE_ROOMS | Room Info v3 |
| "GET", "/pod/v3/user/{userId}/presence" | GET_PRESENCE | Get User Presence |
| "GET", "/pod/v3/users" | GET_BASIC_CONTACT_INFO | Users Lookup v3 |
| "POST", "/v1/user/{uid}/follow" | MANAGE_USER_FOLLOWING | Follow User |
| "POST", "/v1/user/{uid}/unfollow" | MANAGE_USER_FOLLOWING | Unfollow User |
| "GET", "/agent/v1/signals/{signalId}/get" | MANAGE_SIGNALS | Get Signal |
| "GET", "/agent/v1/signals/{signalId}/subscribers" | MANAGE_SIGNALS | Subscribers |
| "GET", "/agent/v1/signals/list" | MANAGE_SIGNALS | List Signals |
| "POST", "/agent/v1/signals/create" | MANAGE_SIGNALS | Create Signal |
| "POST", "/agent/v1/signals/{signalId}/update" | MANAGE_SIGNALS | Update Signal |
| "POST", "/agent/v1/signals/{signalId}/delete" | MANAGE_SIGNALS | Delete Signal |
| "POST", "/agent/v1/signals/{signalId}/subscribe" | MANAGE_SIGNALS | Subscribe Signal |
| "POST", "/agent/v1/signals/{signalId}/unsubscribe" | MANAGE_SIGNALS | Unsubscribe Signal |
| "POST", "/agent/v3/stream/{streamId}/share" | SEND_MESSAGES | Share |
| "POST", "/agent/v4/stream/{streamId}/message/create" | SEND_MESSAGES | Create Message v4 |
| "POST", "/agent/v4/message/blast" | SEND_MESSAGES | Blast Message |
| "POST", "/agent/v4/stream/{:sid}/message/{:mid}/update" | SEND_MESSAGES | Update Message v4 |
| "POST", "/v1/admin/messagesuppression/{messageId}/suppress" | SUPPRESS_MESSAGES | Suppress Message |
| "POST", "/pod/v1/connection/create" | REQUEST_USER_CONNECTIONS | Create Connection |
| "POST", "/pod/v1/im/create" | SEND_MESSAGES | Create IM or MIM |
| "POST", "/pod/v1/presence/feed/create" | GET_PRESENCE | Create Presence Feed |
| "POST", "/pod/v1/presence/feed/{feedId}/delete" | GET_PRESENCE | Delete Presence Feed |
| "POST", "/pod/v1/room/{roomId}/membership/add" | MANAGE_ROOMS | Add Member |
| "POST", "/pod/v1/room/{roomId}/membership/demoteOwner" | MANAGE_ROOMS | Demote Owner |
| "POST", "/pod/v1/room/{roomId}/membership/promoteOwner" | MANAGE_ROOMS | Promote Owner |
| "POST", "/pod/v1/room/{roomId}/membership/remove" | MANAGE_ROOMS | Remove Member |
| "POST", "/pod/v1/room/{roomId}/setActive" | MANAGE_ROOMS | De/Re-activate Room |
| "POST", "/pod/v1/streams/list" | LIST_USER_STREAMS | List User Streams |
| "POST", "/pod/v1/user/presence" | SET_PRESENCE | Deprecated documentation. For more information, refer to: Set Presence |
| "POST", "/pod/v1/user/presence/register" | GET_PRESENCE | External Presence Interest |
| "POST", "/pod/v1/user/search" | GET_BASIC_CONTACT_INFO | Search Users |
| "POST", "/pod/v2/user/presence" | SET_PRESENCE | Set Presence |
| "POST", "/pod/v3/room/create" | MANAGE_ROOMS CREATE_USER_STREAM | Create Room v3 |
| "POST", "/pod/v3/room/search" | MANAGE_ROOMS | Search Rooms v3 |
| "POST", "/pod/v3/room/{roomId}/update" | MANAGE_ROOMS | Update Room v3 |
| "POST", "/pod/v3/user/presence" | SET_PRESENCE | Set Other User's Presence - Admin V3 |
The following table describes the use of permissions:
| Permission | Usage |
|---|---|
| GET_BASIC_CONTACT_INFO | An app can get basic contact info. |
| GET_BASIC_USER_INFO | An app can get basic contact info. |
| SEND_MESSAGES | An app can send messages on behalf of a user. Creates IM for users. |
| SUPPRESS_MESSAGES | An app can suppress a user's messages on behalf of that user. |
| CREATE_USER_STREAM | An app can create streams on behalf of a user. |
| MANAGE_ROOMS | An app can manage streams on behalf of a user. |
| MANAGE_SIGNALS | An app can list, create, edit, and delete signals on behalf of a user. |
| LIST_USER_STREAMS | An app can get a list of user streams on behalf of users. |
| GET_USER_CONNECTIONS | An app can get an appinfo of all user connections on behalf of users. |
| REQUEST_USER_CONNECTIONS | An app can send connection requests on behalf of users. |
| GET_PRESENCE | An app can get a user presence on behalf of users. |
| SET_PRESENCE | An app can set presence on behalf of users. |
| MANAGE_USER_FOLLOWING | An app can make a list of users follow or unfollow a considered user, identified by his uid. |
All OBO endpoints respect any existing entitlements or state for the user in session.
For instance, if a user is not already connected to another user, an app cannot send a message to the second user on behalf of the first. Another example is that if a user does not have the "Can Send Files" entitlement in Symphony, an app cannot send a message containing an attachment on behalf of the user.