Skip to main content

App Credentials

note

Don't have an app yet? Follow the instructions here.

Each app comes with a client ID, client secret, and signing secret.

App credentials

note

As the app developer, you should make sure the client secret and signing secret are not shared or commited to public repositories.

Client ID and Secret

The client ID and client secret can be used to generate a bot access token or an access token that impersonates a member. The bot access token can perform all actions that a community admin can perform. The member access token has the same permission as the impersonated member.

note

You can learn more about generating access token using the client ID and secret under Perform API Request section.

Signing Secret

Tribe uses the signing secret to sign all webhook requests. This can be used on your side to confirm the requests are coming from Tribe. You can learn more about verifying webhook requests here.

note

Not verifying webhook requests will let third parties misuse your webhook endpoint by faking POST requests and can be dangerous.