API Security | Transparency to users on app’s permissions

/in
**Marketplace OAuth Links**

  • A significant number of marketplace app installations are carried out using the Marketplace OAuth link (example). These links are embedded in third-party products’ integrations page that allow integration with Clixio.
  • This is similar to the Google OAuth link, where Google informs the user that an external site is about to access their account data and seeks your confirmation to proceed.
  • Until today, users arriving on this site were not aware of which permissions the app was gaining access to from their accounts.

**New OAuth Page**

  • We have created a new OAuth page where we inform users about the app they are about to install and outline the permissions the app will have access to.
  • If a private app tries to access sensitive permissions, such as user.write, we explicitly warn the user.
  • This feature is also available on the Marketplace’s grey-labelled OAuth page (example).

This feature provides users with enough information to make informed decisions about the API access they are granting to third-party apps, helping to secure their accounts from unauthorised access.

**Images:**

image
image