API Endpoints for Apps
Get Started with OBO
OBO or On-Behalf-Of authentication allows an extension application to be able to call REST API endpoints to perform operations on behalf of an application end-user.
Such operations include:
List the streams of a given user
Initiate connection requests to and determine connection status with other users
Get the presence state of other connected users
Initiate IMs with other users
Send messages and attachments
Set the context user's own presence
📘 More information on OBOFor more information, please refer to OBO Authentication.
API endpoints enabled for OBO
The following table describes which of our REST API endpoints are OBO-enabled, and for each the application permission that must be granted to the app.
Premium APIs are an add-on to the Symphony Services, and are subject to additional charges. Prior to using them, you will need to enter into a specific contract. Please reach out to sales@symphony.com to discuss the offering, its pricing, or any further information.
GET /pod/v1/admin/system/protocols/list
SEND_MESSAGES
Deprecated documentation. For more information, refer to:
GET /pod/v1/sessioninfo
GET_BASIC_USER_INFO
Deprecated documentation. For more information, refer to: Session User
GET /pod/v1/streams/{streamId}/info
SEND_MESSAGES
Deprecated documentation. For more information, refer to: Stream Info
GET /pod/v1/user
GET_BASIC_CONTACT_INFO
Deprecated documentation. For more information, refer to: Users Lookup
GET /pod/v1/user/presence
GET_PRESENCE
Deprecated documentation. For more information, refer to: Get Presence
GET /pod/v1/user/{userId}/presence
GET_PRESENCE
Deprecated documentation. For more information, refer to: Get User Presence
GET /pod/v2/user
GET_BASIC_CONTACT_INFO SEND_MESSAGES
Deprecated documentation. For more information, refer to: Users Lookup
GET /pod/v2/user/{userId}/presence
GET_PRESENCE
Deprecated documentation. For more information, refer to: Get User Presence
POST /pod/v2/room/{roomId}/membership/list
MANAGE_ROOMS LIST_USER_STREAMS
Since SBE 20.16 Room Members
The following table describes the use of permissions:
GET_BASIC_CONTACT_INFO
An app can get basic contact info.
GET_BASIC_USER_INFO
An app can get basic contact info.
SEND_MESSAGES
An app can send messages on behalf of a user. Creates IM for users.
SUPPRESS_MESSAGES
An app can suppress a user's messages on behalf of that user.
CREATE_USER_STREAM
An app can create streams on behalf of a user.
MANAGE_ROOMS
An app can manage streams on behalf of a user.
MANAGE_SIGNALS
An app can list, create, edit, and delete signals on behalf of a user.
LIST_USER_STREAMS
An app can get a list of user streams on behalf of users.
GET_USER_CONNECTIONS
An app can get an appinfo of all user connections on behalf of users.
REQUEST_USER_CONNECTIONS
An app can send connection requests on behalf of users.
GET_PRESENCE
An app can get a user presence on behalf of users.
SET_PRESENCE
An app can set presence on behalf of users.
MANAGE_USER_FOLLOWING
An app can make a list of users follow or unfollow a considered user, identified by his uid.
GET_MESSAGES
Retrieve messages on the user behalf.
🚧 All "On-Behalf-Of" (OBO) endpoints strictly adhere to the existing entitlements or state of the user in session.
For example, an app cannot send a message on behalf of a user if that user is not already connected to the intended recipient. Similarly, if a user lacks the "Can Send Files" entitlement in Symphony Messaging, the app is restricted from sending messages with attachments on their behalf.
This principle also applies to data retrieval use cases, where the app cannot retrieve more data than the user is permitted to see. Consequently, all relevant communication controls, such as history logs, room membership, and information barriers, are automatically applied.
Last updated
Was this helpful?