Connecting your Height workspace to third-party apps can make project management quick and easy, and with our OAuth process, you can be sure that your data stays protected when shared across apps.

What is OAuth?

OAuth is an open standard for authorization that allows two services to access data on behalf of a user. Using OAuth, once the user gives a third-party app access to their workspace, the app can access Height's API without the user's username and password. Meaning, though the app has access to the user's workspace, it does not have access to the user's password which keeps the user's data safe and secure.

Why am I being asked to grant an app access through OAuth?

Even though third-party apps are external to Height, companies and users can create and build them inside our Height app to help streamline their workflow. However, while customizing and automating your workspace can boost productivity, after a third-party app is built inside Height, you must authorize its access to certain parts of your workspace before your data is shared.

With OAuth, once you authorize the initial request to access your workspace, any future requests will be automatically authorized on your behalf – saving you the hassle of having to re-login and re-authorize each request.

πŸ’‘Tip: Don't worry though, if you ever want to remove an app's access to your workspace, you can revoke your authorization at any time. More here.

The OAuth process

The initial request & authorization

When a third-party app requests access to your Height workspace, you'll be immediately redirected to the Height landing page to log in and select your workspace. If you're logged into more than one workspace, each one will be listed so be sure to pick the one you want the third-party app to connect to. After selecting the workspace, you will then be asked to authorize a certain access type.

Access & permissions

Which access level should you choose?

There are two different access types: workspace-level and user-level. The access type listed is determined by the third-party app, and each type has a different set of permissions. Thus, while some apps may let you choose between both access types others may only list workspace-level or user-level.

1) Workspace-level access allows for the third-party app to access all public data (lists & tasks), and post messages in Height as a bot. This access type is ideal for collaborative workflows.

  • For example, if a third-party app like Zapier has workspace access, its activity will appear in chats as: "Zapier bot updated the status to To do."

  • All workspace users will see the activity message and know that the action was performed by the Zapier bot.

  • The permissions of the app will allow for it to access all public lists and tasks, but all private lists and tasks will remain private.

2) User-level access allows for the third-party app to access any private and personal data (lists & tasks), and post messages as you. This access type is best for personalized workflows.

  • For example, if a third-party app like Zapier has user access, its activity will appear in chats as the users themselves: "John Doe updated the status."

  • The bot will be able to access and post messages to any public lists and tasks that all workspace members have access to, but will not be able to post to any private lists or tasks. Thus, if John Doe has access to the private list #new-hire, the third-party app will have access to that list as well. Conversely, if John Doe does not have access to #hr-incidents, the third-party app won't have access either. Essentially, with user-level access, the app has the same exact access as the user.

Here you can see an example of workspace-level access with a third-party bot posting on a task (left image) versus user-level access that is posted on behalf of a specific user (right image):

Handling the request

When the third-party app submits the initial request to access your workspace, you must manually choose to either cancel or allow the authorization.

If you do not approve of the outlined permissions, selecting cancel will deny the request, redirect you back to the third-party app, and prevent any workspace data from being shared.

Similarly, selecting allow will also redirect you back to the third-party app. However, because the permissions were allowed, Height will issue an access token to the app. This token will then be used to access your data, and the third-party app will be successfully connected to your Height workspace.

πŸ’‘Tip: If you want to confirm that the access was successfully granted, go to Product settings β†’ Integrations. Any apps listed as "Installed" are successfully connected.

Revoking authorization

You can revoke an app's authorization at any time via Product settings β†’ Integrations. Revoking authorization stops the third-party app from being able to access your data. The app will be marked as "deleted" and any refresh tokens will be invalidated to immediately disable the app's connection to your workspace. Don't worry though, previously removed apps can be re-installed at any time.

Did this answer your question?