Creating an integration that uses widgets only
This topic explains how to create an integration using the FotoWeb Selection Widget and Export Widget, without using features that require additional API access.
Integration using only widgets is available in:
- FotoWare SaaS for all users with an Editor license
- FotoWare SaaS for tenants on a subscription plan which includes API access
- FotoWeb On-Premises for all users with a Main or Pro license
- FotoWeb On-Premises with an activated API license
- In the FotoWeb Settings app, open Sites.
- Select Configuration for the site in question.
- Go to Integrations > Applications.
- Select Add application.
- From the Type drop-down list, select Native/mobile if you're developing an integration without a back end, or Web App /API if you have got a back end.
- Select the Selection Widget option.
- As redirection URI, specify the web URL on which the application is hosted.
- Make a copy of the client ID, as it will be needed in the application.
Authorization - without backend
Once the user visits the start page of the application in the browser, the application must request an access token, which must be passed to embedded widgets to authorize the user to access FotoWeb.
Authorization - with backend
Integration with a backend requires additional development in a different language, and a suitable hosting platform (such as a stand-alone server or an app service in Microsoft Azure). A database or other kind of persistent storage is also needed for storing tokens. Such infrastructure incurs additional operational costs but may be acceptable due to the benefits, or it may already be available, for example, if the integrator already has a server, app service, and database used for other purposes.
An app with a back-end provides additional security and a better user experience. Users can stay logged in and do not have to consent every time (using refresh tokens), and the authenticity of the app is additionally verified using a client secret.
Authorization with a backend is documented in Web Application or API authorization.
A note about authorization
Both types of authorization are reasonably secure, as long as HTTPS is used to host the app, which ensures app authentication together with the consent dialog.
For information about the general use of the widgets, see Using the widgets.
The URL of the selection widget is as follows:
ACCESS_TOKEN is replaced by the access token obtained in the authorization step given in the query string of the URL.
Note: For all widget URLs, follow this documentation for whether to put the parameters into the query string or fragment.
The URL of the export widget is the same for both types of integration and is also described in Using the widgets.