Поделите своје повратне информације:
Желели бисмо ваше повратне информације о документима за програмере Мицрософт Теамс-а. Молимо Вас да одговорите на нашу кратку анкету са три питања.Узмите анкету
Овај прегледач више није подржан.
Надоградите на Microsoft Edge бисте искористили најновије функције, безбедносне исправке и техничку подршку.
Enable authentication for API-based message extensions
Чланак
Authentication is a fundamental aspect of security and serves as the first line of defense that ensures access to systems, applications, and data is granted only to those with verified credentials. Authentication for API-based message extensions is crucial for the following reasons:
Security: Protects against unauthorized access and potential breaches, safeguarding both user data and the integrity of the system.
Data Privacy: Ensures that personal and sensitive information is only accessible to users with the correct permissions.
User Trust: Builds confidence among users that their interactions with the app are secure, which is essential for user adoption and engagement.
You can implement authentication in API-based message extensions to provide secure and seamless access to applications. If your message extension requires authentication, add the authorization property under composeExtensions in app manifest and define the type of authentication for your application by setting the authType property under authorization. To enable authentication for your message extension, update your app manifest with any of the following authentication methods:
API key authentication: Implement API key authentication to use a key token known only to the app and the API service to authenticate requests. API key authentication involves using a unique key to verify the identity of users or apps accessing your API-based message extension app through an API. The key must be registered in Microsoft Teams. When users interact with your API-based message extension, Teams uses the API key to authenticate with your API. You can register through the Developer Portal for Teams and update the app manifest with the appropriate configuration. For more information, see API key authentication.
SSO authentication: Microsoft Entra is a comprehensive identity and access management solution that provides secure authentication for API-based message extensions. It ensures that only authenticated users can access your app’s features within Microsoft Teams.
You can implement authentication in API-based message extension to provide secure and seamless access to app. If your message extension requires authentication, update your app manifest as follows:
Add the authorization property under composeExtensions.
Define the type of authentication for your app by setting the authType property under authorization.
None: Update none as a value for authorization in an API-based message extension when the API doesn't require any authentication for the user. When Teams service sends a request to the API, it doesn't supply any authentication information.
Извор овог садржаја можете пронаћи на платформи GitHub, где можете и да креирате и прегледате проблеме и захтеве за повлачењем. Више информација потражите у нашем водичу за сараднике.
Platform Docs повратне информације
Platform Docs је пројекат отвореног кода. Изаберите везу да бисте обезбедили повратне информације:
When building apps for work, you typically integrate with secured APIs. Learn about the two common ways of how APIs are secured – API key and OAuth2, and how to integrate with them when building an API plugin for declarative agents that run in Microsoft 365 Copilot.
Learn how to create or build an API-based message extension using Developer Portal for Teams, Teams Toolkit for Visual Studio, Visual Studio Code, and CLI.
Learn to build a message extension from OpenAPI description document (OAD) with Developer Portal for Teams, Visual Studio Code, Teams Toolkit CLI, or Visual Studio.