Authenticating to your API
Transcend can integrate easily with APIs authenticated with API Keys or through OAuth applications. Transcend prefers APIs that support OAuth authorization code flows for security reasons, and it's simpler for our customers to set up.
As a general principle, Transcend should have only the permissions that it needs to submit requests.
Here are some links to API docs for partners that had excellent APIs
- SnapChat Ads. Snapchat has a very traditional OAuth2
authorization_codeflow. One security downside of their solution is that when users give access to Transcend to manage their Snap Ads account, they technically authorize Transcend to perform any marketing related actions with the Snap API. Hypothetically, a malicious Transcend could use this access to start new ad campaigns or disable current ones (a permission Transcend does not need). When Transcend's permissions are bloated like this, it increases client hesitation when connecting to Transcend.
- Google Analytics This API flow allows for very granular permissions. For example, Transcend's app is able to request the ability to delete users from custom audiences without having the ability to otherwise manage add campaigns through the user deletion permission.
*For partners with OAuth APIs only.
We require two distinct OAuth applications: one for development and testing, and another for our mutual customers to connect to in production. As such, there are four unique callback URLs:
App name: Remote Dev OAuth redirect URL: https://api.dev.trancsend.com/integration/[partnerName]/cb Developer email: firstname.lastname@example.org
App name: Staging OAuth redirect URL: https://api.staging.transcen.dental/integration/[partnerName]/cb Developer email: email@example.com
App name: Transcend DSR Automation OAuth redirect URL: https://api.transcend.io/integration/[partnerName]/cb Developer email: firstname.lastname@example.org