Server-to-server integration (S2S) allows your back-end servers to communicate with the UNLOQ API and initiate approval requests on behalf of your user's. Since all our approval API requests are handled in a synchronous way (initiate the request and wait for response) and do not include additional callback mechanisms, initiating an authentication request is as simple as calling an API endpoint to generate an access token and another one to fetch the associated user information.
Since we are using this approach, UNLOQ can also be integrated with any desktop application or server-only
that can perform HTTPs calls and safely store the application's credentials (API Key)
Whenever you initiate an API call from your application to UNLOQ's API, you must include the Authorization: Bearer YOUR_API_KEY HTTP Header, so that we can validate the request.
The actual HTTP connection will contain a Transfer-Encoding: chunked HTTP header and will be kept open until a response is generated (either success or error, in the limit of 30 seconds).
Whenever UNLOQ is required to notify your application (back-end server) about an event, it will do so by executing a web-hook and signing the actual payload so that you can verify that the request is coming from UNLOQ and not from an unauthorized 3rd party.
Note: whenever your application will call the UNLOQ API, any firewall rules that your UNLOQ web application might contain will be applied, possibly resulting in the rejection of the call.
Have a question? You can always send us an email at firstname.lastname@example.org, or contact us on chat.
For security related concerns, please visit our Security page.