Use this section to define the application metadata. This data is used to enrich the experience of the Seismic admin who will ultimately be configuring your application. All information entered in this section will be visible within the Manage Apps page.
While only app name and email are required, we strongly encourage that all apps populate as much information as possible to enrich the experience of the Seismic admin. Failure to populate certain fields may deter users from installing/enabling the application.
|App name||The name of your app.|
|Logo||A logo representing your app. Please choose a square image between 32x32px and 312x312px.|
|Email address||The email address of the app owner.|
|Short description||A short description of the app. Supports a basic set of rich text formatting.|
|How it works||A longer description of how your app works. Supports a basic set of rich text formatting.|
|Support url||A link to app support page.|
|Company url||A link to a company page.|
|Documentation url||A link to documentation page for the app.|
|Terms of service url||A link to a Terms of Service page for the app.|
|App ID||The unique ID for this application. This ID will not change|
|Date Created||The datestamp of when this app was created|
|Signing Secret||A generated key that can be used to validate requests and payloads. Read more below|
|Distribution Link||Share this URL with a tenant admin to give them the ability to install your app in their tenant. You can read more on App Distribution|
App registration supports the generation of a signing secret that can be used to validate payloads that originated from Seismic.
All applications that want to receive callbacks (install, uninstall, enable, disable and update) or use the Configuration UI extension will need to generate a signing secret because Seismic uses this secret to sign payloads. We will use this to encrypt the JSON payload we post to you. You can then ensure that the calls are in fact coming from Seismic.
The signature is calculated using a HMAC algorithm using SHA265. The signature is sent with each request in the request header. The header key for the HMAC is x-seismic-signature.
The recipient service should use the secret to validate that the payload HMAC using SHA256 and compare it with the x-seismic-signature sent in the request header. This same approach can also be used by external services (like content uploader) to send requests to Seismic using the extensions platform.
The secret is issued to an app and is not tenant specific.
Signing secret regeneration
If the signing secret is leaked, it can be regenerated in App Registration. The signing secret is common for all versions of the app - published and unpublished.
Updated 8 months ago