Share via

Onboarding to Business Assist API

  • Article

Business Assist includes a powerful API that provides access to Support ticket forecasting and Customer Feedback/Survey analysis and clustering. Using this API, you can integrate support data related to your organization directly within your own custom apps. The following sections walk through the process of setting up the authentication requirements and making an initial call to the Business Assist API.

Third Party custom application authentication

Azure app registration

Since the Business Assist APIs used by third party applications are secured by Microsoft Entra ID, we first need to set up a few things in Microsoft Entra ID for the connector to securely access them. After this setup, you can connect to the Business Assist API using Postman to test and validate the API endpoints.

Diagram showing 3P custom app user interacting with 3P custom application to request access token from 3P Customer Tenant. Application is then able to make Business Assist API requests.

Custom application authentication prerequisites

You will need the following to proceed:

Third Party Direct User authentication

The Business Assist API Direct User authentication requires that a user log in directly with their existing Microsoft Entra ID account to retrieve a user access token. This token can be used along with Postman or your own custom implementation to query the Business Assist API endpoints.

Diagram of 3P user calling Customer Tenant to receive access token. 3P user then makes Business Assist API requests.

Direct User login prerequisites

You will need the following to proceed:

3P User On-Behalf-Of Authentication

The Business Assist API supports the implementation of the Microsoft identity platform OAuth 2.0 On-Behalf-Of (OBO) authentication flow to allow customers to develop their own custom applications and query the BA API as the user of the custom application. This will allow custom applications to take full advantage of the capabilities of the API while maintaining the authorization and data isolation that is part of the user token process. To utilize this token process, custom applications will be required to request the OBO token from Active Directory within their application and then query the Business Assist API using this OBO token.

Read further information about how to implement the Microsoft identity platform OBO token process.

API rate limits

The Business Assist APIs are priced on a Freemium model. To protect access to the Business Assist APIs for all users, there are rate limits implemented for each service.

Request type Limit per tenant for all apps Limit per app per tenant
POST 40 requests per hour. 20 requests per hour.
GET 80 requests per hour. 40 requests per hour.

After reaching a rate limit, you will receive a message telling you when to retry:

Rate limit exceeded. Retry after <int> minutes.