Categories
Blog

Looking to offer integrations to your users? You need OAuth

Integrations. According to a recent study by Gartner, through 2020 SaaS companies will be spending 50% of development time on integrations. Platforms all over the world are implementing integration-first strategies to grow and scale their product usage.

However, before you can offer any SaaS integration to your users, there is a crucial piece of technology implementation you need to know – OAuth.

While there are several SaaS solutions that deal with integrations, these mostly handle internal workflow automations and not user facing, native integrations. This is where OAuth comes in.

To know more about the difference between a workflow automation tool and an oauth solution, read our post on Pathfix Vs. Zapier.

What is OAuth?

According to Wikipedia “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”

In simple terms – OAuth allows you to receive authorization from your users to get access to their data. This data does not only mean user identity, but access to data they have with their providers.

The OAuth framework is the most secure and preferred method, adopted by most providers globally, to allow communication between applications. This is largely two-way communication: pushing data to platforms and/or pulling data into your platform.

OAuth Scopes

Scopes limit the SaaS application’s access to the user’s data. During authorization, the user is presented with a consent screen that shows the scopes the application wants to access. The user can then allow or deny access to the scopes presented. The SaaS app can request access to one or more scopes, which will show up in this consent screen.

Scopes are always defined by the service provider; they define what data can and cannot be accessed by a 3rd party. When requesting access, it is always a good idea to check the scopes permitted by the provider and enter them exactly as the provider specifies.

OAuth Grant Flow

The most common grant type is the Grant Flow. This flow exchanges an authorization code for an access token.

Here is how a typical Grant Flow works:

Image by Alexbilbie
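The flow described above (the authorization code grant, in OAuth 2.0 terms) seen from the requesting app's side, as an added example that is not Pathfix's or any provider's code: it builds the consent-screen URL with the requested scopes, validates the redirect that comes back, and prepares the code-for-token exchange. The endpoint, client ID, redirect URI and scope names are constructed placeholders.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders; real values come from the provider's app registration.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth/callback"
STATE_TTL_SECONDS = 600


class CallbackError(Exception):
    """The redirect back from the provider must be rejected."""


def _now(now):
    return time.time() if now is None else now


def start_authorization(session, scopes, now=None):
    """Step 1: build the URL that sends the user to the provider's consent screen."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this user's session
    session["oauth_state"] = (state, _now(now) + STATE_TTL_SECONDS)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # space-delimited, named exactly as the provider defines them
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url, now=None):
    """Step 2: check the redirect belongs to this session, then return the code."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    pending = session.pop("oauth_state", None)  # one-time use: a replayed redirect fails
    if pending is None:
        raise CallbackError("no authorization in progress for this session")
    state, expires_at = pending
    if _now(now) > expires_at:
        raise CallbackError("state expired")
    # Constant-time comparison; a mismatch means the redirect was not started here.
    if not hmac.compare_digest(state.encode(), params.get("state", "").encode()):
        raise CallbackError("state mismatch")
    if "error" in params:  # e.g. the user denied access on the consent screen
        raise CallbackError(f"provider returned error: {params['error']}")
    if "code" not in params:
        raise CallbackError("authorization code missing")
    return params["code"]


def token_request_body(code):
    """Step 3: form fields the server POSTs to the provider's token endpoint.

    The client secret is added server-side from a secret store and never
    reaches the browser; it is left out of this sketch on purpose.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
        "client_id": CLIENT_ID,
    }
```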

Token Management System

As shown in the flow above, tokens are required during the process of receiving consent and permission from the user to access data. These are:

Access tokens – Applications use access tokens to make API requests on behalf of the user. This token grants the requesting application access to the specific data the user has approved.

Refresh tokens – When an access token has expired, the client sends a refresh token to obtain a new access token.

Your token management system needs to verify tokens, refresh expired access tokens, store tokens in secure and confidential data storage that is accessed by the provider only and, most importantly, be secure in transit and at rest.

OAuth Authorization Server

The OAuth Authorization Server (AOS) is a gatekeeper that provides authentication and issues tokens. It also validates or rejects tokens before calls are redirected to the internal API server.

The final piece, SDK’s

SDK stands for Software Development Kit (or devkit). It is essentially a collection of tools you need to build on a platform.

SDKs are designed for specific tasks or programming languages. This means that if you are looking to build an integration to Google Sheets to pull all new entries into your application, you will need to look for and/or build an SDK that performs that exact task, complete with the programming language, API and endpoints.

Most often, during the OAuth programming stage, this step consumes the most time as this requires research and finding the right and stable devkit to complete the actions you are looking for.

Or, Get Serverless OAuth Instead

So yes, building an OAuth module with the right server, SDK, token management and flows is time consuming and a bit complicated. Most service providers have their own structures and flows that you need to build for. Which means, one size does not fit all. If you are looking to integrate with multiple providers, you will need to go through this entire process again.

With Pathfix, instead of all that manual work, you can get OAuth connected and start using any provider's APIs in just a matter of minutes. Pathfix is an OAuth tool that gets you connected to any provider with just a few lines of code. It handles the entire framework, token management and servers, without ever needing SDKs, all ready to go.

Reference Links

We recommend going through some of these reference links if you are looking to build the entire OAuth structure yourself

https://oauth.net/2/

https://www.oauth.com/


What is Single Sign On (SSO)? How can you add it to your existing login?

If you are building or part of an existing SaaS platform, you probably have already setup a login module where your users can enter an ID and password.

Your login module already manages the following:

  • Capture email and password
  • Store in encrypted modules
  • Account linking
  • Subscription linking
  • Feature access
  • Role definition

… essentially, everything you need to manage your users.

But, you would like to add a convenient button that would allow your users to use their login from an existing provider, to access your platform.

This is where Single Sign On comes in.


What is Single Sign On?

Single Sign On (SSO) is an online identification methodology that lets websites use other, trusted services to verify users.

Simply put, you offer your users the ability to log in to your platform using another website's login credentials. All this without creating or sharing passwords.

SSO leverages OAuth based authentication. The identity provider offers the requesting platform the ability to use their identity scope to allow their verified users to login to platforms. User verification is done completely by the service provider.

Why SSO?

There are multiple benefits of adding SSO to your platform. Let’s look at both sides –

  1. User Benefits
  2. Business Benefit.

User Benefits

Convenience: Your user gets to login to your platform using their existing login credentials. There are hundreds of platforms with hundreds of login credentials to remember and save. By adding an SSO option, you make it convenient for your user to login to your platform without the need for any additional login credentials to remember.

Faster login: Users get quicker access to your platform with an SSO button with no long sign up forms to fill.

Permission transparency: The entire authentication is completely transparent. Users get to see the data the platform is requesting for and allow access that is being requested by the app.

Secure: With OAuth, there are no credentials shared between applications.

Business Benefits

Less code to manage: an SSO based login approach allows businesses to extend their login module without adding any additional code to manage and maintain.

More users: Faster onboarding equals more signups. Businesses that add SSO have seen a significant increase in their signups since there are no forms to fill in adding to the signup funnel. Users click to log in and access your platform instantly, resulting in more signups.

Verified signups: User profiles are verified by the identity provider, which takes away the entire email verification process.

Added trust: Adding the ability to log in with a trusted, existing provider adds a sense of trust for the user, since they are not sharing any sensitive data with you and your app has been verified by the service provider.

Secure login: Since there are no passwords to maintain, there is a reduced chance of being hacked or of passwords being stolen.


Popular Identity Providers

Here are some of the most popular identity providers


How to add SSO to an existing login module?

Pathfix’s SSO extension allows you to enable SSO in your existing login module in just a few minutes.

There are over 7 different identity providers you can choose from including Azure Active Directory, GitHub and Google; and quickly add them to your existing login module.

Here’s how you can achieve this:

  • Login to your Pathfix account here
  • Click on Extensions and select SSO (Single Sign On)
  • Select your Application from the drop-down
  • Pick the identity providers you would like to offer
  • Enter the Client ID and Client Secret received from the selected service provider. (Note: some providers also require a Tenant Id; you will see the option to enter it here if required)
  • Once you have completed the above step for each service provider you wish to add (selected providers will be marked with a Green Check-mark)
  • Click on Generate Code
  • Edit the text for Button prefix
  • Enter the Callback function where you would like Pathfix to send the login information
  • Enter a Hello text (e.g. Welcome) (This is how the user will be welcomed on your page. The text is followed by the First Name, Last Name of the user)
  • Enter the code received into your existing login module (in the <div> where you want the social login buttons to show)
  • The social login buttons will immediately show on your login section

Conclusion

Adding an SSO login button to your existing login module is a great approach to build users and quicker on-boarding processes. The process of adding some of the most popular identity providers is quick using Pathfix’s SSO Extension.

Sign up for free account with Pathfix.

Need further clarifications? Reach out to our team.


Is Pathfix OAuth like Zapier?

A lot of times users think Pathfix is like Zapier. Users have reached out to us asking if Pathfix is an alternative to Zapier.

So, to put rest to the whole ‘Pathfix Vs. Zapier’ discussion, we thought it best to write out a blog that details why we are nothing like Zapier.

Short answer? No, Pathfix is not like Zapier.

SaaS growth

With so many SaaS solutions being released daily, it is no surprise that integration and workflow automation tools are becoming the need of the hour. The more connected your SaaS gets, the more data and growth your SaaS sees.

 

To put this in numbers:

There are thousands of SaaS platforms that already exist. Of these, there are over 7,000 in marketing alone!

With these many existing platforms (with thousands of users), it would make sense to have an integration first approach so that your data speaks to their data and vice versa. This is where Integrations come in.


Let’s break this down…

There are 2 types of integrations:

  1. Backend integrations
  2. User facing integrations

 

Backend integrations refers to server to server connections that perform actions and process data in the background. These could be pulling data from another platform, performing actions on them (e.g. analysis, etc.) and moving the processed data into another server/platform.

Backend integrations can be either internal data or user data. Internal data is data that belongs to the internal team and user data is data that belongs to the user.

Zapier is great for moving bits of data that belong to internal team members – not for when you want to move data that belongs to your user.

 

User facing integrations allow a SaaS platform’s user to connect their 3rd party tools to the platform. This requires an End-User Authorization process (OAuth, API Key based) that lets the user give permission to the requesting SaaS to access data from the provider.

 

Pathfix is built for user-facing SaaS integrations.

The Pathfix OAuth platform handles the entire OAuth process between the 3rd party app and your SaaS, allowing you to offer native, user facing integrations to multiple providers without managing the OAuth-based authorization flows.

Pathfix Automation handles backend integrations (server to server) for your connected users through its workflow-based interface, which calls any provider's APIs and handles complex data transformation needs along with webhook functionality, all while maintaining the user’s context.

 

Zapier is the workflow automation tool that allows individuals to connect to apps and action a flow based on a trigger. These workflows however, are only for apps that you have an account for – i.e. you log into Software A and Software B and create a workflow between the two apps. It is not built for user-facing SaaS integrations.


Here’s a quick comparison of Pathfix Vs. Zapier:

Conclusion:

If you are looking for a solution to build integrations in your SaaS platform – you need Pathfix (not Zapier).

Pathfix has been built to enable integrations in SaaS platforms. We help SaaS creators build user-facing integrations on their platform.

Start with the OAuth Platform or build out your API automation workflow with the Automation platform.

Need further clarifications? Reach out to our team.


Top 3 CRM integrations to integrate your SaaS with in 2020

CRM software allows businesses to manage customer interaction and customer data. Additionally, CRM tools help companies manage vendors, partners and employee relations.

Businesses choose CRM tools to help them manage their business information, and a CRM is one of the first tools purchased. It's no surprise that CRM tops our list of integrations any SaaS platform should connect to.

Here are the top 3 integrations SaaS companies pick in the CRM category:

Hubspot

Hubspot has over 73,400 customers in more than 120 countries

Hubspot is a leading growth platform that offers an end to end solution across marketing, sales, customer service, and CRM function. It is our number 1 pick for CRM integrations chosen by our users.

Salesforce

Salesforce has over 150,000 customers (SMB and Enterprise) as of October 2019

Salesforce is an all in one platform for sales, marketing and service. Additionally, Salesforce offers a suite of enterprise solutions that focus on marketing automation, app development, customer service and much more.

Pipedrive

Pipedrive has 50,000 customers as of March 2017

Pipedrive is the #1 user rated CRM solution that focuses on Sales CRM and pipeline management solution

Serverless OAuth Integration With Pathfix

Pathfix allows you to connect to these productivity apps and more in less than 5 minutes without managing any servers or SDK’s. Check it out here.


Top 5 productivity tools to integrate your SaaS with in 2020

Integrations help you build usability and scalability in your SaaS product. Building connections to other platforms allows you to be a part of your users stack.

However, identifying the platforms you want your SaaS to be connected to can be a long process.

Since Pathfix allows SaaS platform builders to connect to multiple providers, we wanted to share the top 5 productivity tools builders connect to.

What is a Productivity Software?

Productivity software helps you work more efficiently by managing parts of your daily activities and handling daily tasks effectively.

Here are the top 5 productivity tools you should integrate with in 2020:

Slack

Slack had around ten million daily active users and 85,000 paid organization users as of January 2019.

Slack brings team communication and collaboration into one place so you can get more work done. The first choice for team collaboration and communication, Slack is the top choice to build integrations.

G-Suite

G Suite had 4 million paying businesses, and 70 million G Suite for Education users as of January 2017.

G Suite is a suite of cloud computing, productivity and collaboration tools, software and products developed by Google Cloud. With 4 million+ businesses, G Suite is one of the most commonly used productivity tools which include Docs, Sheets, Forms and Slides.

Trello

Trello has 50 million registered users as of October 2019

Trello is a very popular visual list making application that focuses on team collaboration with its boards, lists, and cards. Trello boards are used anywhere from managing daily activities to product roadmap.

Google Calendar

Google calendar has over 500 million installs as of February 2017

Google Calendar is a time-management and scheduling calendar service developed by Google. Google calendar is the default calendar option for most users globally as it is available for free with every Gmail account (personal) and G Suite account (business). This makes it the top choice for any calendar related integration.

Intercom

As of February 2017, Intercom has 100,000 monthly active users. As of October 2018, Intercom has 30,000 paying customers.

Intercom is a message-based communication platform that allows businesses to communicate with customers/users within their website, application, social media or email.

Integrate with Pathfix

Pathfix allows you to connect to these productivity apps and more in less than 5 minutes without managing any servers or SDK’s. Check it out here.


The importance of integrations to the growth of a SaaS

Cloud solutions are growing rapidly. To put things in perspective, as of today, there are more than 7K cloud SaaS solutions in the marketing space alone!

The reason is simple – it is not possible for one SaaS solution/platform to cover all the needs for any organization.

What does that mean for the user?

The user will end up having a set of solutions that when combined, allows them to get the functionality they need. But this means, they have multiple logins, data split across these solutions and have to spend time to bring all this data in one place.

What does this mean for the SaaS?

The chances of a SaaS solution being used more frequently go down. Your user will mostly stick to the solution that offers the most answers to their questions. The SaaS solution needs to be a part of the user's existing stack to get more usability out of their system.

The solution: Integrations

Integrations allow you to connect and speak to the apps that your users are already consuming, this increases the frequency of usage and allows the user to sync their data across the applications they use.

Why should you consider integrations?

Scalability

Adding integrations to SaaS allows you to add more value to your product. By giving your users the ability to connect to other softwares, they get new ways of using your product. This helps you scale your product quickly, rather than working as a loner.

Usability

By being a part of your users' existing software stack, you increase the odds of your software being used. Offering integrations to other platforms also means that your users get to do much more with the data collected from your software.

User Ease of Use

By removing the need to switch between apps and logins (think about those retention emails), you have simplified how your users end up using the data collected by your app. You have not just built dependency on your app, you have also made it easier for the user to use your platform.

Building integrations is a key factor for any SaaS platform that is looking to grow its solution. With multiple API builders out there that get you going in a few days, connecting them can be done in less than 5 minutes by using Pathfix.


Design of an OAUTH token management proxy

Introduction to OAUTH2

OAUTH 1 and 2 are frameworks for access delegation. They allow two apps to interface with each other on behalf of the end user. The end user will have an account in both apps.

The OAUTH specification is not a protocol but a framework. OAUTH 1.0 followed a 3-legged framework and OAUTH 2.0 specifies a 2 legged one. The framework simplifies the level of access (scope) the requesting app has to the user data in the service provider’s app. All of it is managed by a sequence of tokens exchanged between the two applications that finally authorizes the messages.

I need more than a few integrations

The ability to integrate into the end user's work environment is synonymous with integrating into the tools or software they use. It’s no fun building a new notification system when there is already so much office communication software (e.g. Slack, MS Teams) you could send your notifications to.

OAUTH to the rescue….

Beyond Notifications

What else can OAUTH Integrations be used for? A few use cases…

  • Read from End Users Cloud Drive (Like pictures, documents)
  • Push Data to CRM systems
  • Push and Pull Data to and from Marketing and Marketing Analytics Softwares
  • Integrate Devops with Ticketing Systems
  • Pull data from multiple systems to and provide ML based reporting
  • Read mail subscribers from popular bulk mail providers
  • Fetch videos from popular video service providers
  • Push messages into Social Media
  • Many more… The list is endless with so many special purpose softwares being built, Integration strategies will sit deep rooted into product development life cycle.

The problem was big enough, with no simple solution!

The Ideation Stage

Our Goal was to keep it simple. We wanted to make sure we stuck to our goal and designed a system that followed the same approach: Keeping it simple.

We listed out the set of questions that would lead to designing the system the way it is.

Some of these were…

  • Should we create API and distribute SDK’s?
  • How many will we create?
  • What languages will we support?
  • Will we redefine our SDK to override those of the service providers?
  • Will we create API SDK’s for smaller service providers (who support OAUTH)?
  • How many versions of SDK’s will we maintain?
  • Will developers have to familiarize themselves with our API?
  • If we do create the libraries, should we not distribute the libraries as opensource?
  • Well, that would be one more batch of libraries, wouldn’t it?

The Aha Moment

“Can we create a pass through that only solves the access token management and refresh? We should not have new API, only an interrupt that does not aim to overachieve.”

Pathfix Was Officially Born

And here is what we came up with: An authorization solution that enables integrations without needing to download or install SDK’s – A passthrough solution.

Here is what it would do:

Authorization

  • Provide developers with a Redirect URL that they register with their Provider.
  • Ask the developer to register the ClientId and Secrets in our encrypted key vault.
  • When the user authorizes with the service provider they are redirected to Pathfix server.
  • Pathfix exchanges this information for a token and refresh token and holds them in a token vault with some additional information: 1) Provider (Slack, MS Teams) 2) Your User’s Id and 3) Your Pathfix Id.

Integration

  • Pass all the messages with the exact payload as defined by the service provider to our servers
  • When doing this pass the same parameters: 1) Provider ( Slack, Ms Teams) 2) Your User’s Id and 3) Your Pathfix Id
  • We stamp the message with the token and send it over and give you the exact response returned by the provider.

All done in a simple 2-step process, in less than 5 minutes!
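A sketch of the passthrough step described above, which also covers the refresh and storage duties listed under "Token Management System". This is an added example, not Pathfix's implementation: the token vault is an in-memory dictionary keyed by (provider, user id, app id), and the provider name, API host, `refresh_fn` callable and the use of `PermissionError` for a rejected refresh token are all hypothetical stand-ins.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlsplit

EXPIRY_SKEW_SECONDS = 60  # refresh a little early so a token never expires in flight
# Constructed allow-list: the hosts each provider's token may be sent to.
ALLOWED_API_HOSTS = {"exampledrive": {"api.exampledrive.example"}}


class ReauthorizationRequired(Exception):
    """No usable token: the end user has to grant consent again."""


class ForbiddenTarget(Exception):
    """The request would carry the token to a host outside the provider's API."""


@dataclass
class TokenRecord:
    access_token: str
    refresh_token: str
    expires_at: float  # epoch seconds


class TokenVault:
    """In-memory stand-in for the token vault, keyed by (provider, user id, app id)."""

    def __init__(self, refresh_fn, clock=time.time):
        self._records = {}
        self._refresh_fn = refresh_fn  # hypothetical wrapper around the provider's token endpoint
        self._clock = clock

    def put(self, provider, user_id, app_id, record):
        self._records[(provider, user_id, app_id)] = record

    def access_token(self, provider, user_id, app_id):
        key = (provider, user_id, app_id)
        record = self._records.get(key)
        if record is None:
            raise ReauthorizationRequired(f"no token stored for {key}")
        if self._clock() < record.expires_at - EXPIRY_SKEW_SECONDS:
            return record.access_token
        try:
            fresh = self._refresh_fn(provider, record.refresh_token)
        except PermissionError:
            # Refresh token revoked or expired: forget it rather than retry forever.
            del self._records[key]
            raise ReauthorizationRequired(f"refresh rejected for {key}") from None
        self._records[key] = TokenRecord(
            access_token=fresh["access_token"],
            # Providers that rotate refresh tokens return a new one; otherwise keep the old.
            refresh_token=fresh.get("refresh_token", record.refresh_token),
            expires_at=self._clock() + fresh["expires_in"],
        )
        return fresh["access_token"]


def stamp_request(vault, provider, user_id, app_id, method, url, headers, body):
    """Return the outbound request: caller's payload untouched, bearer token attached."""
    target = urlsplit(url)
    # Check the destination before touching the vault, so a token is never
    # attached to a request bound for a host that is not the provider's API.
    if target.scheme != "https" or target.hostname not in ALLOWED_API_HOSTS.get(provider, ()):
        raise ForbiddenTarget(f"{url!r} is not an API endpoint of {provider!r}")
    # Discard any Authorization header supplied by the caller before adding ours.
    outbound = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    outbound["Authorization"] = f"Bearer {vault.access_token(provider, user_id, app_id)}"
    return {"method": method, "url": url, "headers": outbound, "body": body}
```

In a real deployment the records would live in encrypted storage and the refresh would be serialized per key, so that two concurrent requests do not both spend the same refresh token.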

Time to put it to test

We began to use it in most of our applications internally and it worked perfectly. Our developers absolutely loved the fact that they no longer had to build out frameworks, token management systems or servers to manage oauth.

No one had to learn any new API’s, or download and install SDK’s. It was a simple few lines of code with a few replacements, and we were off to the races!

42: The answer to everything

We just introduced a technology solution with libraries. A complete serverless oauth solution that was ideal for anyone who wanted to save time and effort (read: money!) while building integrations.

Check out Pathfix here. Need help? Email us!


Using a serverless oauth token management system

OAUTH2 – An Intro

OAUTH 1 and 2 are frameworks for access delegation. They allow two apps to interface with each other on behalf of the end user. The end user will have an account in both apps.

The OAUTH specification is not a protocol but a framework. OAUTH 1.0 followed a 3-legged framework and OAUTH 2.0 specifies a 2 legged one. The framework simplifies the level of access (scope) the requesting app has to the user data in the service provider’s app. All of it is managed by a sequence of tokens exchanged between the two applications that finally authorizes the messages.

The Use Case

I am an online Photo Printing Service provider – PrintPixie. Registered User can upload a photo or connect to Cloud Drive where they hold their photos, select print parameters, pay and submit their order.

In this use case we have…

  • Client – PrintPixie
  • Cloud Drive Service Providers – Google, iCloud, Onedrive etc.
  • End User – Say megan@personalemail.com

The Integration Strategy

Here the integration strategy is as follows…

  • Fetch the list of photos (thumbnails) available on the end users cloud drive
  • Pull a high res image once the user has made a selection

There are two ways to implement this

  • Managed Server
  • Serverless

Managed Server – Implement code in PrintPixie

Assume that PrintPixie is built using Python. Here is a sample top-level task structure.

  1. Register printpixie with each of the service providers as a client app to fetch the clientId and clientSecret and provide a redirectUrl to your server (Task 3. Below)
  2. Download Python Authentication libraries/sdk’s for each of the providers.
  3. Create a server API to handle authorization redirect.
  4. Call the authentication library to get access token.
  5. Create a data store to hold end user Access Tokens.
  6. Write integration wrapper to
    GetListOfPhoto
    GetHighResLocation
  7. Fetch previously retrieved end user access token from data store and refresh if expired
  8. Map each of the above interfaces to the service provider API in their library.
  9. Make the call
  10. Attach tokens to call
  11. Log call
  12. Log errors
  13. Notify if there are any errors

Serverless- Use an OAuth proxy 

The alternative is to redirect your Authorization and Messaging through a service. Pathfix offers this. It proposes that we try a slightly different approach to all of this. Here is how they would do it.

  1. Register printpixie with each of the service providers as a client app to fetch the clientId and clientSecret and provide a redirectUrl (provided by Pathfix) to your server (Task 3. Below)
  2. Write integration wrapper to
    GetListOfPhoto
    GetHighResLocation
  3. Map each of the above interfaces to the service provider API in their library. (Usually using a JSON file to map API interfaces)
  4. Make the call

The entire process has reduced from the original 13 step process to a simplified 4 step process!

Summary

We see that there is a significant reduction in the time to go live. Not only has the number of tasks been reduced, but it has also freed up developers' time to get to the specific integration much more quickly. With this method, if you have an Integration Strategy in mind (like PrintPixie did), you can go live in a couple of days, if not less.