Hi
I am at the design phase of a new premium app. This integrated app will provide features to the Genesys Cloud customer that require API access of our own public API. As part of the registration process, I will utilize a static API key in order to create a customer account and user in our own platform. This user account will be used to allow API access.
I don't want to force the Genesys Cloud customer to have to login to our own application, so I need a way to bind the Genesys Cloud user with our own. What is the best way to authenticate that the current user is authenticated with your platform? I dont want to impersonate our user account without first knowing we are integrated into your cloud platform and authenticated.
My concerns is someone takes our iframe url and embeds this into their own site and spoofs the Cloud API's.
Thanks
Gavin