Get Started with OBO
OBO or On-Behalf-Of authentication allows an extension application to be able to call REST API endpoints to perform operations on behalf of an application end-user.
Such operations include:
- List the streams of a given user
- Initiate connection requests to and determine connection status with other users
- Get the presence state of other connected users
- Initiate IMs and MIMs with other users
- Send messages and attachments
- Set the context user's own presence
More information on OBO
For more information, please refer to OBO Authentication.
API endpoints enabled for OBO
The following table describes which of our REST API endpoints are OBO-enabled, and for each the application permission that must be granted to the app.
OBO-enabled endpoint | Permission | Endpoint documentation |
|---|---|---|
"GET", "/pod/v1/connection/list" | GET_USER_CONNECTIONS | |
"GET", "/pod/v1/admin/system/protocols/list" | SEND_MESSAGES | Deprecated documentation. |
"GET", "/pod/v1/connection/user/{userId}/info" | GET_USER_CONNECTIONS | |
"GET", "/pod/v1/files/allowedTypes" | SEND_MESSAGES | |
"GET", "/pod/v1/presence/feed/{feedId}/read" | GET_PRESENCE | |
"GET", "/pod/v1/sessioninfo" | GET_BASIC_USER_INFO | Deprecated documentation. |
"GET", "/pod/v1/streams/{streamId}/info" | SEND_MESSAGES | Deprecated documentation. |
"GET", "/pod/v1/user" | GET_BASIC_CONTACT_INFO | Deprecated documentation. |
"GET", "/pod/v1/user/presence" | GET_PRESENCE | Deprecated documentation. |
"GET", "/pod/v1/user/{userId}/presence" | GET_PRESENCE | Deprecated documentation. |
"GET", "/pod/v2/sessioninfo" | GET_BASIC_USER_INFO | |
"GET", "/pod/v2/user" | GET_BASIC_CONTACT_INFO | Deprecated documentation. |
"GET", "/pod/v2/user/presence" | GET_PRESENCE | |
"GET", "/pod/v2/user/{userId}/presence" | GET_PRESENCE | Deprecated documentation. |
"GET", "/pod/v3/room/{roomId}/info" | MANAGE_ROOMS | |
"GET", "/pod/v3/user/{userId}/presence" | GET_PRESENCE | |
"GET", "/pod/v3/users" | GET_BASIC_CONTACT_INFO | |
"POST", "/v1/user/{uid}/follow" | MANAGE_USER_FOLLOWING | |
"POST", "/v1/user/{uid}/unfollow" | MANAGE_USER_FOLLOWING | |
"GET", "/agent/v1/signals/{signalId}/get" | MANAGE_SIGNALS | |
"GET", "/agent/v1/signals/{signalId}/subscribers" | MANAGE_SIGNALS | |
"GET", "/agent/v1/signals/list" | MANAGE_SIGNALS | |
"POST", "/agent/v1/signals/create" | MANAGE_SIGNALS | |
"POST", "/agent/v1/signals/{signalId}/update" | MANAGE_SIGNALS | |
"POST", "/agent/v1/signals/{signalId}/delete" | MANAGE_SIGNALS | |
"POST", "/agent/v1/signals/{signalId}/subscribe" | MANAGE_SIGNALS | |
"POST", "/agent/v1/signals/{signalId}/unsubscribe" | MANAGE_SIGNALS | |
"POST", "/agent/v3/stream/{streamId}/message/create" | SEND_MESSAGES | Deprecated documentation. |
"POST", "/agent/v3/stream/{streamId}/share" | SEND_MESSAGES | |
"POST", "/agent/v4/stream/{streamId}/message/create" | SEND_MESSAGES | |
"POST", "/v1/admin/messagesuppression/{messageId}/suppress" | SUPPRESS_MESSAGES | |
"POST", "/pod/v1/connection/create" | REQUEST_USER_CONNECTIONS | |
"POST", "/pod/v1/im/create" | SEND_MESSAGES | |
"POST", "/pod/v1/presence/feed/create" | GET_PRESENCE | |
"POST", "/pod/v1/presence/feed/{feedId}/delete" | GET_PRESENCE | |
"POST", "/pod/v1/room/{roomId}/membership/add" | MANAGE_ROOMS | |
"POST", "/pod/v1/room/{roomId}/membership/demoteOwner" | MANAGE_ROOMS | |
"POST", "/pod/v1/room/{roomId}/membership/promoteOwner" | MANAGE_ROOMS | |
"POST", "/pod/v1/room/{roomId}/membership/remove" | MANAGE_ROOMS | |
"POST", "/pod/v1/room/{roomId}/setActive" | MANAGE_ROOMS | |
"POST", "/pod/v1/streams/list" | LIST_USER_STREAMS | |
"POST", "/pod/v1/user/presence" | SET_PRESENCE | Deprecated documentation. |
"POST", "/pod/v1/user/presence/register" | GET_PRESENCE | |
"POST", "/pod/v1/user/search" | GET_BASIC_CONTACT_INFO | |
"POST", "/pod/v2/user/presence" | SET_PRESENCE | |
"POST", "/pod/v3/room/create" | MANAGE_ROOMS | |
"POST", "/pod/v3/room/search" | MANAGE_ROOMS | |
"POST", "/pod/v3/room/{roomId}/update" | MANAGE_ROOMS | |
"POST", "/pod/v3/user/presence" | SET_PRESENCE |
The following table describes the use of permissions:
Permission | Usage |
|---|---|
GET_BASIC_CONTACT_INFO | An app can get basic contact info. |
GET_BASIC_USER_INFO | An app can get basic contact info. |
SEND_MESSAGES | An app can send messages on behalf of a user. Creates IM for users. |
SUPPRESS_MESSAGES | An app can suppress a user's messages on behalf of that user. |
CREATE_USER_STREAM | An app can create streams on behalf of a user. |
MANAGE_ROOMS | An app can manage streams on behalf of a user. |
MANAGE_SIGNALS | An app can list, create, edit, and delete signals on behalf of a user. |
LIST_USER_STREAMS | An app can get a list of user streams on behalf of users. |
GET_USER_CONNECTIONS | An app can get an |
REQUEST_USER_CONNECTIONS | An app can send connection requests on behalf of users. |
GET_PRESENCE | An app can get a user presence on behalf of users. |
SET_PRESENCE | An app can set presence on behalf of users. |
MANAGE_USER_FOLLOWING | An app can make a list of users follow or unfollow a considered user, identified by his uid. |
All OBO endpoints respect any existing entitlements or state for the user in session.
For instance, if a user is not already connected to another user, an app cannot send a message to the second user on behalf of the first. Another example is that if a user does not have the "Can Send Files" entitlement in Symphony, an app cannot send a message containing an attachment on behalf of the user.