{"version":"1.0","provider_name":"Microsoft 365 Developer Blog","provider_url":"https:\/\/devblogs.microsoft.com\/microsoft365dev","author_name":"Kaizala Developer Platform team","author_url":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/author\/kaizala-developer-platform-team\/","title":"Securing API requests from Kaizala action - Microsoft 365 Developer Blog","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"aywTykxW3k\"><a href=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/securing-api-requests-from-kaizala-action\/\">Securing API requests from Kaizala action<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/securing-api-requests-from-kaizala-action\/embed\/#?secret=aywTykxW3k\" width=\"600\" height=\"338\" title=\"&#8220;Securing API requests from Kaizala action&#8221; &#8212; Microsoft 365 Developer Blog\" data-secret=\"aywTykxW3k\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-content\/uploads\/sites\/73\/2018\/06\/postman1.png","thumbnail_width":793,"thumbnail_height":433,"description":"There are scenarios where you may want to query your service from within the Kaizala card. While the APIs to be queried are public (without any authentication), you can query them directly. But, in case you want to secure your APIs to make sure the calls are made by the particular user from within the Kaizala card alone \u2013 you use the\u00a0Integration Service\u00a0token. This post explains how you generate this token and subsequently validate this on the service side."}