Many times when adding integrations to your app, you'll want multiple users in a company, organization, or team to share the same connection to a 3rd party service. Xkit enables this through a feature called Groups.
In order to use the Groups feature, you have to enable it in your Application settings.
- Visit Application Settings in the Xkit Developer Portal
- Turn the switch labeled "Groups" to the on position (to the right)
Turning this setting on will change some of the behavior of Xkit: read on to understand how it will impact your application.
You can add one of your users to a group either while provisioning that user for the first time, or you can update them after they have already been provisioned.
If the user already exists, they will be added to the group. It's important to note that any connections that the user has will be accessible to their new group, regardless of any group membership at the time the connection was made. Likewise, the group a user belonged to previously will no longer have access to that user's connections if they leave the group.
In general, you should avoid having users switch groups unless it is part of a larger migration strategy.
Even if you are using the Groups feature, you can have users without groups and Xkit will continue working normally.
For users in groups, the status that they see (either in the embedded catalog, or what is exposed in the xkit.js SDK) will reflect the status of the group. So if another group member has created a connection to a service, they will see the status of that connection.
Using the Groups feature disables the delivery of Access Tokens to the front-end via xkit.js. This is a security measure as delivering access tokens would result in leaking one user's tokens to another.
To retrieve access tokens, you should instead use the Get Group Connection API.
When using Groups, you can use the Get Group Connection API endpoint, which allows you to retrieve the connection status and access tokens / API keys for the group rather than any one individual. It works just like the Get User Connection endpoint, but uses the
external_group_id you assigned when provisioning your users.
Updated about a month ago