USTA API & SSO

Overview

USTA offers two types of integration: bound and unbound. Bound integration is used when an application is integrated using SSO, while unbound integration is a standard machine-to-machine integration. Both are explained in detail below.

Bound Mode

Overview

This page describes how to structure your application to request data from USTA. This API is restricted, or "bound", to the data associated with the user for whom the JWT was requested. The bound APIs use the 'me' semantic, where 'me' refers to the identity of the customer inside the session token.

Bound APIs are designed to be accessed from the browser.  The identity of the user is protected in the access token.

No other customer info can be accessed using the Bound APIs.

OAuth Flow

Bound access uses the OAuth Authorization Code Grant flow.

Unbound Mode

Overview

This page describes how to structure your application to request data from USTA. This API is "unbound": it is not restricted to the data associated with the user for whom the JWT was requested. Users must be explicitly granted permission to access these endpoints.

Unbound APIs are designed to be accessed server side for machine-to-machine communication. 

It is not safe to call Unbound APIs from the browser because the customer identity can be determined. Please use with care.

OAuth Flow

Unbound access uses the Basic Auth (clientId/secret) OAuth flow.
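
The sketch below shows how a resource server could enforce the two access models described under Bound Mode and Unbound Mode. It is an added example, not USTA's code. The HS256 signing key, the `sub` and `permissions` claim names, the `unbound:read` permission string and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed signing key, for this example only

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=KEY):
    """Build a constructed HS256 JWT so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token, key=KEY, now=None):
    """Return the claims if the signature and expiry check out, else raise."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":   # pin the algorithm
        raise PermissionError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _b64d(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("exp", 0) <= (now or time.time()):
        raise PermissionError("expired")
    return claims

def resolve_customer(token, mode, requested):
    """Decide whose data a request may read; returns the customer id."""
    claims = verify(token)
    if mode == "bound":
        # 'me' is the only accepted selector and maps to the token's subject.
        if requested != "me":
            raise PermissionError("bound API only serves 'me'")
        return claims["sub"]
    if mode == "unbound":
        # Caller must hold an explicit permission (hypothetical claim name).
        if "unbound:read" not in claims.get("permissions", []):
            raise PermissionError("not permissioned for unbound API")
        return requested
    raise ValueError("unknown mode")
```

In bound mode the customer id never comes from the request, so changing a path or query parameter in the browser cannot select another customer's data.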