@startuml title AppExchange / MC App\nAPI Auth Flow\n (Draft) autonumber skinparam monochrome true skinparam roundcorner 10 skinparam lifelineStrategy solid skinparam maxMessageSize 160 'skinparam style strictuml actor "Marketer" as marketer collections "MC" as mc participant "Partner\nWebapp" as partner hnote over mc,partner:<b>AppExchange Setup\nMust select offline access scope in Marketing Cloud Installed Packages\nto use tokens after the user logs out. 'Step 1 marketer -> mc:Initiate Partner App Load in MC activate marketer mc -> partner++:Load webapp which is iframed in. 'Web App Authorization Code: https://developer.salesforce.com/docs/atlas.en-us.mc-app-development.meta/mc-app-development/integration-app-auth-code.htm group UI Authorization Code Flow partner --> marketer:Redirect end user\n302 v2/authorize?response_type=code&client_id=&redirect_uri=&scope=&state= marketer -> mc:GET v2/authorize?response_type=code\n&client_id=&redirect_uri=&scope=&state= mc -> mc:Marketing Cloud authorization service redirects the user’s web browser to the Marketing Cloud login page mc -> mc:User logs in to Marketing Cloud. mc --> marketer:Redirect w/authorization. 302 redirect_uri?state=&tssd=&code= marketer -> partner:GET redirect_uri?state=&tssd=&code= note right Authorization code on behalf of the end user good for 5 minutes. Must be exchanged for access tokens. end note end 'Access Token: https://developer.salesforce.com/docs/atlas.en-us.mc-app-development.meta/mc-app-development/access-token-app.htm group Access Token Flow partner -> mc++:POST TSSD/v2/token\nauthorization code, client_id, client_secret, redirect_uri, offline scope, and account_id. return access_token(20m), refresh_token(30d), rest_instance_url, and soap_instance_url. note right: The same client_id and\nclient_secret is used in all stacks. partner -> partner:Stores TSSD urls and refresh_token which expire in 30 days. end 'Access MC Resources: https://developer.salesforce.com/docs/atlas.en-us.mc-apis.meta/mc-apis/routes.htm marketer -> partner++:User interacts with partner APP. return group APP Accesses MC Resources partner -> mc++:FUEL API\n Authorization: Bearer {Access Token}\nPOST TSSD/route/todo\nJSON Payload mc -> mc: MID & AppID from Auth Principal return end 'Logout marketer -> partner:Logout note right:access_token is immediately revoked. deactivate marketer deactivate partner ... 'Unsolicited Updates ==Background Partner Processes== loop Periodically:Daily/Weekly partner -> partner++:Daily process to check for seed list changes in each account. 'Refresh Token group Refresh Token Flow partner -> partner: Retrieves TSSD urls and refresh_token partner -> mc++:POST TSSD/v2/token return access_token(20m), refresh_token(30d) partner -> partner:Stores refresh_token which expire in 30 days. end partner -> mc++:FUEL API\n Authroziation: Bearer {Access Token}\nPOST /route/todo\nJSON Payload mc -> mc: MID & AppID from Auth Principal return end @enduml
Decode URL
Submit
amiga
aws-orange
black-knight
bluegray
blueprint
cerulean-outline
cerulean
crt-amber
crt-green
cyborg-outline
cyborg
hacker
lightgray
mars
materia-outline
materia
metal
mimeograph
minty
plain
reddress-darkblue
reddress-darkgreen
reddress-darkorange
reddress-darkred
reddress-lightblue
reddress-lightgreen
reddress-lightorange
reddress-lightred
sandstone
silver
sketchy-outline
sketchy
spacelab
spacelab-white
superhero-outline
superhero
toy
united
vibrant
Pure Javascript
PNG
SVG
ASCII Art