Authentication and authorization

Egnyte APIs use OAuth2.

• API key (also known as client_id) - is the identifier of an application/integration
• API token (also known as access_token) - is the auth token generated for a particular user using the API key and OAuth flow

We are providing a helper service "Enhanced Auth Service" to our partners developing apps that adds an additional step before OAuth Auth Code flow to ask the user about their Egnyte Connect domain (what's a domain? see definitions)

You should consider using the service before trying anything else. More on that below.

Our online documentation lists various methods of getting an access token:

• AUTHORIZATION CODE FLOW - your default choice of OAuth2 flow. It's also the only flow that works with Enhanced Auth Service
• IMPLICIT GRANT FLOW - A less secure version of OAuth2 compatible flow. Only usable for integrations that are limited to just JavaScript code in the browser and have no back-end to participate in auth. Not recommended unless it's impossible to use Code flow.
• Internal Applications "Resource Owner Password Credentials Flow" - only usable for Egnyte customers using the APIs. Your developer key will not work with this method

Enhanced Auth Service

The service will start by asking your user what their Egnyte domain is. (what's a domain? see definitions)

If user types a domain that their company set up on top of the one provided by Egnyte, our service will make sure it's correctly resolved to {somename}.egnyte.com for you.

After getting the domain, Enhanced Auth Service will get the Auth Code step done too and let you continue the flow.

Usage

Enhanced Auth Service documentation

Use it just like you would use the first step of OAuth2 Code flow.

We provide two URLs for the service to let you redirect users to the closest location, but in fact only one request is made to that server so if you don't have the means to figure out if the user should start in US or Europe, just pick one.

Getting current user

It's sometimes too easy to miss it, so it deserves a direct link here.

This is how you get the current user based on an access token in the request: Getting User Info

For more details about the user, if necessary, you can request Users API by id.

Errors

Developer Inactive

When API responds to an authenticated request with this information it means the token you are using is incorrect or missing (typo maybe?).

This error can also happen if you're using a token generated by a key that's only supposed to work with *.qa-egnyte.com with *.egnyte.com.

Invalid Egnyte domain configured in app profile.

While you're developing your integration, the API key is configured to only work with one Egnyte domain - the one that's been registered for you. Once you get your integration certified, it will work with all Egnyte domains. For now you need to stick to your developer environment.