This topic explains how to create an integration using the FotoWeb Selection Widget and the Export Widget, without using features that require additional API access.
Integration using only widgets is available when:
- The user has a Plus or Pro license, which gives access to widgets regardless of server licenses or SAAS plan
- FotoWeb is installed on-premises with an activated API License
- FotoWeb is a SAAS tenant on a plan that includes API access
- In the FotoWeb site settings, select "Settings", then "Applications".
- Create a new application of type "Native / mobile" if you're developing an integration without a back end, or "Web App /API" if you have got a back end.
- Choose the Selection Widget option below.
- As redirection URI, specify the web URL on which the application is hosted.
- Make a copy of the client ID, as it will be needed in the application.
Authorization - without backend
Once the user visits the start page of the application in the browser, the application must request an access token, which must be passed to embedded widgets to authorize the user to access FotoWeb.
Authorization - with backend
An integration with a backend requires additional development in a different language, and a suitable hosting platform (such as a stand-alone server or an app service in Microsoft Azure). A database or other kind of persistent storage is also needed for storing tokens. Such infrastructure incurs additional operational costs, but may be acceptable due to the benefits, or it may already be available, for example if the integrator already has a server, app service and database used for other purposes.
An app with a back-end provides additional security and better user experience. Users can "stay logged in" and do not have to consent every time (using refresh tokens), and the authenticity of the app is additionally verified using a client secret.
Authorization with a backend is documented in Web Application or API authorization.
A note about authorization
Both types of authorization are reasonably secure, as long as HTTPS is used to host the app, which ensures app authentication together with the consent dialog.
General use of the widgets is described in the topic Using the Widgets.
The URL of the selection widget is as follows:
ACCESS_TOKEN is replaced by the access token obtained in the authorization step is given in the query string of the URL.
Note: For all widget URLs, pay attention to follow this documentation regarding whether to put the parameters into the query string or fragment.
The URL of the export widget is the same for both types of integration and thus also described in the topic Using the Widgets.