
Inbox authorization

Matej Hudiček edited this page May 22, 2025 · 3 revisions

This article introduces the different types of authorization for Inbox functionality. Inbox persists push messages intended to be read by a particular end user. End users must be authorized, since messages won't be stored for non-authorized users. An authorized end user is an end user who has a corresponding profile in People and has an "external person id" assigned on that profile.

Mobile Messaging SDK provides 2 ways to request messages from the inbox:

  • Without user authorization (only for testing environments in sandbox applications)
  • With user authorization

Without user authorization

This mode is supported only for "Sandbox" applications on the App Profile configuration page and should be used only for testing and demo purposes. It has no additional requirements and is simple to use, but the Mobile Messaging SDK will provide messages to any supplied external person id. To enable this mode, select the "Application code" radio button in the "Inbox authorization type" section on the App Profile configuration page.

Inbox authorization type - Application code

With user authorization

This mode is more secure and should be used in production, although it requires additional effort. In this mode, the Mobile Messaging SDK requires a securely signed JSON Web Token (JWT) in order to pass authorization on the server side. To enable this mode, select the "JSON Web Token (JWT)" radio button in the "Inbox authorization type" section on the App Profile configuration page.

Expected flow

Your mobile application, using the Mobile Messaging SDK, should perform the following flow during end user login or before an Inbox request:

Jwt authorization flow diagram

Required structure of JWT

The required structure of the JWT and an example of how to generate it can be found in the JsonWebToken(JWT) structure and generation example article.
