# JTL Apps JTL apps enhance the functionality of JTL software products. They allow third-party developers to create solutions that integrate with JTL's ecosystem, providing additional features and capabilities to users. ## What is a JTL App? A JTL app is a software application that connects to JTL products or services through our API infrastructure. Apps can: - Extend the functionality of JTL products - Integrate in JTL products - Provide specialized processes or tools for specific business needs - Automate workflows between JTL and other systems Apps typically consist of two components: - **Backend**: Server-side code that communicates with JTL APIs - **Frontend**: User interface that allows users to interact with the app ## Integration Types JTL apps can be integrated in several ways: - **Embedded apps**: Run within the JTL ERP user interface - **Standalone apps**: Can be launched from JTL-Hub or standalone - **Headless API integrations**: Integration without user interface that connects to JTL APIs - **Pane apps**: Run within the JTL ERP sidebar interface and subscribe to context specific events ## App Registration Before an app can interact with JTL systems, it must be registered through our [App Registration process](/products/appregistration/registrationprocess). This creates the necessary authentication credentials and establishes the permissions framework for the app. # Authentication Flows For each app, an OAuth client with a `ClientId` and `ClientSecret` is created to authenticate the app against the JTL API. When an app is installed in a JTL tenant in JTL-Hub, the app only receives access to this tenant without the credentials changing. ## Machine to Machine Flow This diagram illustrates the Machine-to-Machine (M2M) flow, which allows your app Backend to authenticate itself against the JTL API. Here's a breakdown of the process: ### Participants * **App Backend:** This is the server-side logic and API of your app. * **JTL Identity Provider:** This is the service responsible for managing and issuing authentication tokens within the JTL ecosystem. * **JTL WaWi API:** This is the API of the JTL-Wawi that your app interacts with to access data. ```mermaid sequenceDiagram autonumber participant appBackend as App Backend participant identityProvider as JTL Identity Provider participant wawiApi as JTL WaWi API appBackend->>identityProvider: Request Access Token (using client credentials) activate appBackend activate identityProvider identityProvider-->>appBackend: Return Access Token deactivate identityProvider deactivate appBackend appBackend->>wawiApi: Request a WaWi Resource (using Access Token) activate appBackend activate wawiApi wawiApi-->>appBackend: Response with WaWi Resource deactivate wawiApi deactivate appBackend ``` ### Flow participant accountService as JTL Account Service participant wawiApi as JTL WaWi API appFrontend->>jtlAppBridge: Request Session Token activate appFrontend activate jtlAppBridge jtlAppBridge-->>appFrontend: Return Session Token deactivate jtlAppBridge deactivate appFrontend appFrontend->>appBackend: Request WaWi Resource (using Session Token) activate appFrontend activate appBackend appBackend->>identityProvider: Request Access Token (using client credentials) activate identityProvider identityProvider-->>appBackend: Return Access Token deactivate identityProvider appBackend->>accountService: Validate Session Token activate accountService accountService-->>appBackend: Validation Result deactivate accountService appBackend->>wawiApi: Request a WaWi Resource of the SessionToken-Tenant (using Access Token) activate wawiApi wawiApi-->>appBackend: Response with WaWi Resource deactivate wawiApi appBackend-->>appFrontend: Response with WaWi Resource deactivate appBackend deactivate appFrontend ``` ### Flow 1. **Request Session Token** The App Frontend initiates the process by sending a request to the JTL App Bridge to obtain a session token. 2. **Return Session Token** The JTL App Bridge processes the request and returns the session token to the App Frontend. This token contains information about the currently logged-in JTL user and their associated JTL tenant. 3. **Request WaWi Resource (using Session Token)** The App Frontend makes a request to the App Backend to access a specific resource from the JTL WaWi API. This request includes the session token obtained in the previous steps. 4. **Request Access Token (using client credentials)** Upon receiving the request with the session token, the App Backend needs to interact with the JTL WaWi API. For this, it first requests an access token from the JTL Identity Provider using the App Backend's own client credentials. 5. **Return Access Token** The JTL Identity Provider verifies the App Backend's credentials and returns an access token that represents the App Backend's identity. 6. **Validate Session Token** The App Backend sends the session token received from the App Frontend to the JTL Account Service for validation. This ensures the token is legitimate and hasn't expired. 7. **Validation Result** The JTL Account Service validates the session token and returns the result (success or failure) to the App Backend. 8. **Request a WaWi Resource of the SessionToken-Tenant** With both a valid session token (confirming the user's tenant) and an access token (identifying itself), the App Backend requests data from the JTL WaWi API. The access token authenticates the request, while the session token ensures access to the correct tenant's data. 9. **Response with WaWi Resource** The JTL WaWi API processes the request and returns the requested resource to the App Backend. 10. **Forward Response to Frontend** Finally, the App Backend forwards the response containing the WaWi resource back to the App Frontend, completing the flow. ```