The xkit Developer Hub

Welcome to the xkit developer hub. You'll find comprehensive guides and documentation to help you start working with xkit as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Retrieving tokens from a Client

Retrieving 3rd Party Application Access Tokens from a Client

If you're writing a client (e.g. front-end Javascript) that needs access tokens for 3rd Party applications, you can retrieve them using the xkit.js.

Since you'll be operating in the context of a single user, you will only be able to retrieve the access tokens of the currently logged in user.

Using xkit.js

xkit.js is a browser-based Javascript library for working with the Xkit. Follow the installation instructions, and make sure that the webpage you'll be using xkit.js on is configured as a valid web origin.

xkit.js exposes 3 methods to retrieve a logged-in user's connections:

  • getConnection is a direct call to the Get User Connection endpoint.
  • getConnectionOrConnector will always return a connection-like object, as it will fall back to the Connector endpoint if a user has not set up a Connection.
  • getConnectionToken returns a token if it is available, and null otherwise.

It's recommended that you use the getConnectionToken method for the easiest experience. If the connection exists and is available, a token will be returned to you. Otherwise it won't , and you should send the user to the Xkit Catalog to create or repair the connection.

A sample usage of these functions is below:

xkit.ready(async () => {
  await xkit.login("your_user_token")
  const slackToken = await xkit.getConnectionToken("slack")
  if (!slackToken) {
    window.location.href = xkit.connectorUrl("slack")
  // ... do something with the Slack API

Group tokens not available

Note that if you are using the User Groups feature, you will not be able to retrieve access tokens from a Javascript client. Instead, you'll need to retrieve those tokens using the Get Group Connection API.

This is a security measure to prevent leaking of access tokens from one user to another.

Refreshing Access Tokens

These functions will automatically refresh expired access tokens if the corresponding service supports it. If you receive an error message from the service that an access token is expired or invalid, call the function again to receive a new access token or the updated status of the connection.

Updated 2 months ago

Retrieving tokens from a Client

Retrieving 3rd Party Application Access Tokens from a Client

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.