If your app has a settings page or some other page to manage functionalities
or recent syncs, you can use the Manage App URL
field within our Developer
Center to expose a new button to Jobber admin users from the App Marketplace
listing. This button will only appear to Jobber admin users who are viewing
your App Marketplace listing after their Jobber account has already been
connected to your app. The Connect button will also automatically be
replaced with a Disconnect button in this case.
The Manage App button on an App Marketplace listing will look like the screenshot below. If you would like to test any workflows involving either the Manage App or Disconnect buttons, it is strongly recommended that you contact [email protected] with your app's name and the email address of your Jobber testing account and ask that the app be made visible to your account for testing.
Typically apps built on Jobber's platform manage user authentication in one of two ways:
If your app will be handling authentication using method 1 above, then the
Manage App URL
can simply be a URL to your application/website and will
not need to utilize the Authorization Code mentioned below. For method 2,
see the next section for recommended best practices.
If using this method, it is highly recommend that your app takes advantage
of the user
query in GraphQL (with no input arguments) to look up and
store the userId
of the Jobber user that originally connected your app.
This is because this user cannot possibly be deactivated or downgraded in
Jobber without your app being disconnected first. For this reason, it can
be guaranteed that API access tokens and refresh tokens associated with
this user will always be valid. The same cannot be guaranteed for any other
admin users in Jobber that access your app via the Manage App button.
When any Jobber admin users click on the Manage App button to access
your app, they will be redirected to your app's Manage App URL
, along
with an authorization code in the query string, in a very similar manner to
step 3 of the Authorization Code Flow.
Your app can then subsequently redeem the authorization code, which will then generate a new API access token and refresh token, regardless of whether Refresh Token Rotation is enabled or not. It should be noted that any previously issued API access tokens for that user will continue to remain valid for their 60 minute expiration period, but any previously issued Refresh tokens will be invalidated.
At this point it is highly recommended to use the user
query (with no input
arguments specified) in Jobber's API to determine the userId
of the admin
user that just accessed your app. If it is the same user that originally
connected your app, then the API access token and refresh token that your
app has saved for that account should be adjusted. If it is not the original
app-installing user, then we recommend that the newly issued access token
and refresh token should be discarded (unless required for a special use
case) and that your app continue to use the original refresh token from the
app-installing user. This will prevent any possible issues from other admin
users accessing your app being deactivated in Jobber later.