Private Integrations: Everything You Need To Know

Private Integrations

Private Integrations allows you to build powerful custom integrations between your account and any other third party app. 

If you are looking to integrate your account with a third party app, you have two options:

1. Find and install relevant app from the App Marketplace

2. Build your own private integration by yourself or with the help of a developer using APIs.

Private Integrations helps you achieve #2 securely.

The key advantages of using Private Integrations are:

• Simple: Generate Private Integration tokens from your account settings and manage them with ease.

• Secure: You get to restrict the scopes/permissions that a developer can access on your account

What's The Difference Between Private Integrations and API Keys?

Private Integrations, to put it simply, is more powerful yet secure alternative to API Keys.

How do I use Private Integrations?

Who can create Private Integrations?

A Private Integration can be created or managed by any account admin by default. 

This permission, however, can be restricted on a user-by-user basis. Navigate to "Settings" > "My Staff" > "Edit" the specific account user > "Roles & Permissions", and enable/disable Private Integrations.

Where can I find Private Integrations

You can manage Private Integrations in the left navigation menu by going to Settings and scrolling down to 'Other Settings'. 

Please ensure that you have enabled Labs if you can't find the setting.

How do I create a new Private Integration

Step 1: Click on "Create new Integration"

Step 2: Give your Private Integration a name and description to help you and your team identify what it's for.

Step 3: Select the scopes/permissions that you want the private integration to have access to on your account. Ensure that you are selecting only the required scopes for better data security.

Step 4: Copy the token generated and share it with your third-party app developer. 

Please ensure that you are sharing the token with trusted parties only. Do not share it publicly.

Note: Don't forget to copy the token generated as you won't be able to do it again later.

Best Practices to Maintain Security of my Private Integration Token

We recommend that you rotate your Private Integration tokens every 90 days.

Here's how you can do it.

Step 1: Navigate to Private Integrations under settings, and click on the Private Integration you have created.

Step 2: Click on "Rotate and expire this token later".

Step 3: Click "Continue" in response to the warning message if you are sure that you want to proceed with rotation. 

Step 4: Copy the new token and update it on your third-party app. You will have a 7 day window where both the old and the new tokens will continue to work. After 7 days, the old token will expire. In this 7 day window, you will have the option to:

1. "Cancel rotation" if, for example, your developer needs more time to update the token on the third-party app.

2. "Expire Now", if, for example, the third party app has been updated with the new token.

Note: Don't forget to copy the token generated as you won't be able to do it again later. 

Token has been Compromised

Step 1: Navigate to Private Integrations under settings, and click on the Private Integration you have created.

Step 2: Click on "Rotate and expire this token now".

Step 3: Click "Continue" in response to the warning message if you are sure that you want to proceed with rotation. 

Step 4: Copy the new token and update it on your third-party app.

Note: Don't forget to copy the token generated as you won't be able to do it again later.

Edit the Private Integration Permissions without Updating the Token

Yes, you can edit the Private Integration name, description and scopes/permissions any time after you've created it.

Here's how you can do it.

Step 1: Navigate to Private Integrations under settings, and select "Edit" from the three-dot menu.

Step 2: Update the Private Integration name and description if required. Click on "Next".

Step 3: If required, update the scopes/permissions that you want the private integration to have access to on your account. Ensure that you are selecting only the required scopes for better data security. Click on "Update" to save the updates made.

Note: Updating the Private Integration details does not generate a new token. The existing token will continue to work.

Delete the Private Integration once I no Longer Need it

You can delete the Private Integration once you no longer are using the third-party app.

To do so, navigate to Private Integrations under settings, and select "Delete" from the three-dot menu.