15.10 External Applications

This functionality of vtenext, located in Settings > External Applications, allows external services to connect to the CRM using the OAuth2 authorization protocol.

Configuration page for External applications

How does it work? External services, here called External Applications, connect to vtenext via REST API, passing a access_token to authenticate. This token is provided by vte via the OAuth2 protocol, using one of the 2 avaialble flows. Let's see an example:

This flow is called Client Credentials and there are 3 parties:

Application (for example an ERP)
Authorization Server (in case of vtenext, it's the same as the point 3)
Resource Server, the server containing the data to be retrieved (vtenext in this case)

Briefly, the Application (eg: ERP reading Invoices), asks the Authorization Server the Access Token, sending the pair (Client ID, Secret Key) to authenticate itself. If the credentials are correct, an Access Token is given to the Application, that can be used to retrieve information from vtenext via REST API.

An example of REST API call with access token is:

curl -X POST '<VTE_URL>/restapi/v1/vtews/query' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <ACCESS_TOKEN>' \
  -d '{"query":"SELECT * FROM Invoice;"}'

The advantage of access tokens is that they have a limited time validity (usually 1 hour) and it's revokable server side, so it's possible to allow access to external apps in a controlled way, without providing them the main password. After the token expiration it's necessary to obtain a new one, repeating the procedure.

This flow is recommended for communication between 2 servers, without human intervention after the initial configuration

The second flow is called Authorization Code and it involves an additional party, called the User.

In this example, the Application that wants to connect to vtenext is, for example, Facebook, that needs to reads the user's Leads. The difference is that it's not Facebook directly that requires this data, but the user delegates Facebook to access his own data present in vtenext. The objective is then to provide Facebook with this data, without giving it the user's full credentials (password) to the system. So Facebook will ask the user to obtain an authorization code, exchanged then by Facebook with an access token, used then to retrieve the data. The access token can be used once only, or renewed automatically (if the user granted this type of access).

So, even though Facebook got access to Leads in vte, it never read the user password and after the expiration of the access token, it won't have access anymore.

This flow is recommended when the application needs to ask user's permission to access the data.

General configuration

At the beginning of the page, there are some general settings::

Enable OAuth2 access: enable or disable globally the use of OAuth2 protocol. If disabled, no external app can use the REST API with an access token (standard authentication via access key is allowed)
Allow users to view and change the secret key of apps associated to them: if active, non admin users can see and modify the secret key for applications linked to their user in the user's page
Allow connections with admin users: if enabled, external apps can connect with an admin user

Service Account Configuration

Click on the button ADD on the right

Click on the ADD button on the right.
A wizard screen appears to guide the configuration process.
Select the Client Type, choosing between:
- Web or Mobile Application (if access requires user login)
- Service Account (if access occurs in the background between two servers)

To configure a Client Credentials flow, select:

Key Type = Service Account
Secret Type = Secret Key

Additional configuration fields will then appear:

Configuration details:

Name: Assign a descriptive name to the configuration (e.g., connection to a management system).
Client ID & Secret Key: These are auto-generated.
Scope: Define the level of API access (read-only, write-only, or read/write).
User Association: All operations done in vte will be executed as this user. Of course, visibility rules apply according to role and profile configuration.

By providing the Endpoints, Client ID, and Secret Key to the external system’s technician, the connection can be finalized.

For JWT signed authentication, the Secret Key is not a simple string, but a cryptographic key in PEM or JWK format, generated only after saving the configuration.

Web or Mobile Application Configuration

Click on the button ADD, on the right

You are presented with the same wizard, but this time choose Web or mobile application. So we get the following:

Application Type Options:

Web Application: For browser-based applications.
Native or Single Page App: For mobile or native apps (same as Web Application, but the OAuth2 flow requires PKCE).

For a Web Application, the configuration follows a similar process to the Service Account setup:

Client ID & Secret Key are generated.
Define the Scope (read-only, write-only, or read/write).

Offline Access:

By enabling Offline Access, together with the access token, a refresh token is returned, that can be used to automatically obtain a new access token after its expiration.

Redirect URL Configuration:

After logging into vtenext, the User is redirected back to the requesting application (e.g., Facebook).
Access control settings allow restricting access to All Users or Selected Users/Groups.

Authorization Screen Customization:

The authorization request screen (e.g., "Facebook wants to access your vtenext data. Do you authorize?") can be customized with:
- Name
- Description
- Icon

From the settings page, Settings > External Applications, it's possible to see the list of registered applications and deactivate them or revoke all the active tokens:

In this list it's possible to see Expired tokens. In case of expired tokens the user will have to re-authenticate to obtain new ones. On the right some tools are present:

edit the configuration
revoke all access tokens
remove the external application configuration

Linked Applications in User Preferences

In User Preferences, under Linked Applications, users can view all applications associated with their account.

View Configuration Details: Users can see (but not modify) the configuration unless they are Admins.
Disable or Revoke Tokens: Users can manually revoke access tokens.

Introduction

1.1 Examples of vtenext application areas

1.2 Flows managed by vtenext

1.3 Notes on the manual (Disclaimer)

vtenext Business 18.02 Release Note

vtenext Business 18.05 Release Note

vtenext Business 19.10 Release Note

vtenext 20.04 release notes

vtenext 21.01 release notes

vtenext 21.10.1 Release Note

vtenext 22.05 Release Note

vtenext 23.08 Release Note

vtenext 24.08 Release Note

vtenext 25.02 Release Note

2 First steps: how to browse vtenext

2.1 System login

2.1.1 User session duration

2.2 Home

2.3 Navigation methods: menus

2.3.1 Global Search

2.3.2 Fixed Icons

2.3.3 Contextual Icons

2.4 Search in module

2.5 Modules structure

2.5.1 Record structure (detail view)

2.5.2 Quick look relations

2.6 Filters

2.6.1 How to create a Filter (standard filters, advanced filters, filters based on report, kanban)

2.6.2 Relationship Navigator (Expandable List View)

2.7 Users preferences

2.7.1 Request Remote Support

2.7.2 Two-factor Authentication (2FA)

2.8 Access privileges

3 Customers records and basic data management

3.1 Leads

3.1.1 Lead creation

3.1.2 Lead conversion

3.1.3 Lead Conversion Process

3.2 Accounts

3.3 Contacts

3.4 Vendors

3.5 How to import and export records

3.5.1 Imports

3.5.2 How to format the CSV file

3.5.3 Export

3.5.4 Checking duplicates in a module

3.5.5 Save Mapping

3.6 Mass Edit

4 Calendar and Activities

4.1 Add a calendar event

4.1.1 Edit and Duplicate an Event

4.2 To-Dos

4.3 Shared Calendar and preferences

4.4 Shared calendar access and events visibility

4.5 Import and export activities

4.6 Book me - Make an appointment

5 Personal communication tools

5.1 Outbound mail configuration (SMTP)

5.2 Messages Module

5.2.1 IMAP configuration and folders

5.2.1.1 Set Centralized Signature

5.2.2 Writing and reading emails

5.2.3 Email Functions

5.2.4 Emails Sharing

5.2.5 .ics support for calendar

5.2.6 Other Settings of Messages Module

5.2.7 Mass email

5.3 Email Templates

5.4 Talks Module

5.5 Notification Module

5.5.1 vtenext version update notification

5.6 Documents

5.6.1 Documents revision and sharing

5.6.2 Create new document from related list

5.7 Notes

6 Marketing Communication Tools

6.1 Newsletter Campaigns

6.1.1 Step 1: Campaign

6.1.2 Step 2: Target

6.1.3 Step 3: Newsletter