How to enable Frends Platform API

It's not usable out of the box.

The Platform API is not active out of the box, and must be set up before it can be used. Currently the API uses only external authentication methods that you need to provide, setting the authentication up is requirement to using the Platform API.

Setting up the authentication

The Platform API uses Bearer Token authentication. The Bearer Token is created for you by the authentication server that needs to be separately added by contacting Frends support. Currently only Azure Active Directory (AAD) is supported. You can follow these instructions to create the app registration in AAD.

Sign in to your AAD environment, and navigate to App registrations and select New registration.

Picture showing the AAD App registrations, where to create the new app.
App registration in AAD is required for Platform API to work.

Give the application a name, and from Supported account types select Accounts in this organizational directory only (Single tenant). You can leave the redirect URI empty.

Picture shows the suggested settings for the registration.
Use these settings for the registration.

Next, navigate to Expose an API section and select Add Application ID URI. This will generate an Application ID URI for you. Click Save at the bottom of the view.

Picture shows the Application ID URI creation view in AAD.
Creating Application ID URI.

Next, we need to create an app role for the application. The application we created defines and publishes the app roles and interprets them as permissions during authorization. This is the reason why we need to create an Administrator app role for the application user so that we can access the Platform API.

Navigate to App roles and click on Create app role. Enter these values:

  • Display name: Admin

  • Allowed member types: Applications

  • Value: Administrator

  • Description: Admin

Remember to check that "Do you want to enable this app role?" is enabled.

Image shows the preferred settings for the app role in AAD.
Preferred settings for the app role in AAD.

Now, navigate to Certifications & secrets and add a new client secret. You can leave the description empty. Copy the value when it has been created, and store it in a safe location. This will be needed later and is not easily accessible afterwards.

Picture shows the Client secret after it has been created in AAD.
The client secret value will be hidden after creation.

Finally, go to API permissions and add new permission. Select APIs my organization uses and select the app you just created. Check the box Administrator. Finish the permission by selecting Grant admin consent. Without admin consent you are able to fetch the access token, but further Platform API requests will fail with unauthorized exception error.

Image shows how to add permissions for the created role to access the API.
Creating permission for admin for the API.

After that you are all set. Navigate to the Overview page and collect information from there for the subscription of the application to Frends Support. The information needs to be in JSON format, like shown below.

Put every public IP address with a subnet mask where the Platform API is to be used from, for example your Frends Agents' static IP addresses. The specified machines will be the only places that can make requests to Platform API.

{
    "allowedIps": [
        {
            "ipAddress": "0.0.0.0",
            "subnetMask": "255.255.255.255"
        },
        {
            "ipAddress": "0.0.0.0",
            "subnetMask": "255.255.255.255"
        }
    ],
    "audience": "<Application ID URI>",
    "tenant": "<tenant-name>.onmicrosoft.com"
}

Send this information to Frends Support and they will set up and enable the authentication for the Platform API.

Using the Platform API

Once the AAD App registration is done and authentication is set up, it's possible to start using the API.

Before actual requests can be made into the API, a bearer token must be obtained from AAD.

Use the following parameters in a HTTP Request Task to fetch the token. The examples assume the values have been saved as Environment Variables, except for the URL. All the values used in the Message are from setting up the authentication, while the Url is dependant on your AAD tenant's name.

  • Task type: HTTP Request

  • HTTP method: POST

  • Result method: JToken

  • Url: https://login.microsoftonline.com/<AAD tenant>.onmicrosoft.com/oauth2/token

  • Message: client_id={{#env.ManagementAPI.ApplicationId}}&client_secret={{#env.ManagementAPI.ClientSecret}} &grant_type=client_credentials &resource={{#env.ManagementAPI.ApplicationURI}}

  • Authentication: None

Picture showing example Process in Frends which fetches an auth token.
Example of fetching the bearer token from AAD.

After fetching the token, you can create requests to the Platform API using another HTTP Request Task and using the obtained token as OAuth token.

As an example, here are the Task details for requesting a list of Processes from your Tenant.

  • Task type: HTTP Request

  • HTTP method: GET

  • Result method: JToken

  • Url: https://yourtenant.frendsapp.com/api/v1/processes

  • Authentication: OAuth

  • Token: #result[HTTP Request Fetch Token].Body.access_token

Picture showing an example on how to use the obtained authentication token in another HTTP Request Task.
An example on how to use the obtained authentication token in another HTTP Request Task.

As long as the Agents in your Frends Tenant were whitelisted by their IP successfully, this Process can be used to test the functionality of the Platform API in your Tenant. If the development Agent Group's Agents were not whitelisted, you may need to deploy the Process to another Agent Group first.

If you whitelisted other IP ranges than for your Frends Agents, you can also go and perform these HTTP Requests using Postman, for example, and you should obtain the same result.

Last updated

Was this helpful?