Basic information

Basic Information

Use this section to define the application metadata. This data is used to enrich the experience of the Seismic admin who will ultimately be configuring your application. All information entered in this section will be visible within the Manage Apps page.



Required fields

While only app name and email are required, we strongly encourage that all apps populate as much information as possible to enrich the experience of the Seismic admin. Failure to populate certain fields may deter users from installing/enabling the application.

App nameThe name of your app.
LogoA logo representing your app. Please choose a square image between 32x32px and 312x312px.
Email addressThe email address of the app owner.
Short descriptionA short description of the app. Supports a basic set of rich text formatting.
How it worksA longer description of how your app works. Supports a basic set of rich text formatting.
Support urlA link to app support page.
Company urlA link to a company page.
Documentation urlA link to documentation page for the app.
Terms of service urlA link to a Terms of Service page for the app.
Privacy policyA link to a Privacy Policy page for the app.

App information

App IDThe unique ID for this application. This ID will not change
Date CreatedThe datestamp of when this app was created
Signing SecretA generated key that can be used to validate requests and payloads. Read more below
Distribution LinkShare this URL with a tenant admin to give them the ability to install your app in their tenant. You can read more on App Distribution

Signing secret

App registration supports the generation of a signing secret that can be used to validate payloads that originated from Seismic.

All applications that want to receive callbacks (install, uninstall, enable, disable and update) or use the Configuration UI extension will need to generate a signing secret because Seismic uses this secret to sign payloads. We will use this to encrypt the JSON payload we post to you. You can then ensure that the calls are in fact coming from Seismic.

The signature is calculated using a HMAC algorithm using SHA265. The signature is sent with each request in the request header. The header key for the HMAC is x-seismic-signature.

The recipient service should use the secret to validate that the payload HMAC using SHA256 and compare it with the x-seismic-signature sent in the request header. This same approach can also be used by external services (like content uploader) to send requests to Seismic using the extensions platform.

The secret is issued to an app and is not tenant specific.


Signing secret regeneration

If the signing secret is leaked, it can be regenerated in App Registration. The signing secret is common for all versions of the app - published and unpublished.