Embeddable UI
Authentication
Secure authentication for Reach
Reach uses JSON Web Tokens (JWT) for secure authentication. Each token links a user in your system to a user in Reach.
Please reach out to support@embedreach.com to
get a Shared Secret for your platform in order to generate JWT tokens.
JWT Token Requirements
Your JWT token must include the following fields:| Field | Description | Required |
|---|---|---|
| User’s email address | Yes | |
| name | User’s display name | Yes |
| externalId | Your system’s unique ID for this user | Yes |
| tenantExternalId | Your system’s ID for the user’s business | Yes |
| partnerId | Your unique vertical saas platform identifier provided by Reach | Yes |
| iat | Issued at time (in seconds since epoch) | Yes |
| exp | Expiration time (in seconds since epoch) | Yes |
Never expose your Shared Secret on the client side. JWT generation must always
be handled server-side.
Token Lifecycle
We recommend tokens expire after 1 hour (3600 seconds). The Reach SDK handles token expiration by calling your onReauthRequested callback when a token expires.For a full server side example of how to generate JWT Tokens that are
compatible with Reach please see the examples section
here. For information on including the JWT token in
requests please refer to our API Section of our
documentation.
Partner Scoped JWT
You can also create vertical software provider scoped JWT tokens. These can be used to configure resources across all your tenants. For example, if you are adding a new Channel Integration, you can use a partner scoped JWT to configure the integration for all your tenants. To use a partner scoped JWT, you can create a JWT with the following fields:| Field | Description | Required |
|---|---|---|
| partnerId | Your Reach Provided ID | Yes |
| type | Must be partner | Yes |