Skip to main content

How to Properly Handle Data Access and Authentication in a Geotab Add-In

JLuan-2076
Original Poster

We are developing a Geotab Add-In where certain vehicle data is processed externally, and the prediction results are then fetched from an external system but displayed inside the Add-In. Since this requires authenticated API calls, what is the recommended best practice in the Geotab ecosystem for authentication?

  • Should an Add-In rely on API keys or implement OAuth2 for secure access?
  • If API keys are used, what is the recommended way to provision and deliver them to customers in a secure and user-friendly manner?

I haven't been able to find documentation that clearly explains which approach is preferred.

Join the conversation

You need to be logged in to reply to this post and participate in the Geotab Community discussions.

1 Reply

Hey @JLuan-2076​,

 

The recommended best practice is to use the authenticated Geotab user and pass it to the Add-in to make any API requests, that way you're ensuring you have a valid session, you won't have to store a password for each user, and you will be utilizing their data access automatically. You can do this by passing the credentials (username, db, session id) to your addin in the page lifecyle method initialize. Here is a document about how to implement SSO in an add-in.

 

Thanks,

Tucker

Still have questions?