About developing Apps for Enterprise Server
If you want your App to be available to organizations in a Enterprise Server instance that you are not part of, you must take the following steps.
If Enterprise Server access is important, consider whether a custom action for Actions will suit your needs instead. Public actions are available on Enterprise Server instances with Connect. For more information, see Enabling automatic access to .com actions using Connect in the Enterprise Server documentation.
Each Enterprise Server instance must register their own App
Organizations owned by a Enterprise Server instance cannot install Apps registered on .com or on another Enterprise Server instance. Instead, they must register and install their own App for use on that instance.
The app developer creates a manifest or URL parameters. For more information, see Registering a App from a manifest and Registering a App using URL parameters.
The app developer shares the manifest or URL parameters with the Enterprise Server administrator that wants to use the app. The same manifest or URL parameters can be shared with multiple Enterprise Server instances.
An organization owner in the instance uses the manifest or URL parameters to register a App.
The organization installs the App that they registered.
Optionally, if the organization made the App public, other organizations within the instance can install the App as well. There is not a way to install a App on an entire instance, only on organizations within an instance.
The app code must be able to access the App credentials for the instance
Your app's code will need the credentials of the App that the Enterprise Server instance registered. It will also need the hostname of the instance. You have two options: get the credentials and hostname from the instance, or have the Enterprise Server customer host and manage a self-hostable version of the app.
Get the credentials from the Enterprise Server instance
The instance can share their App credentials and hostname with the app developer. The site administrator should only do this if they trust the app developer. Then, the app code can use the appropriate credentials depending on what actions it is taking. The app developer must take precautions to use the appropriate set of credentials and to not data.
Advantages:
- The app developer controls the infrastructure that the app runs on.
- The app developer has more control over app updates.
- The app developer may have more insight into app performance.
Disadvantages:
- The app developer must take precautions to avoid ing data from the instance.
- The site administrator may need to open firewall exceptions for your application to reach the instance, and they may be reluctant to do so.
Have the Enterprise Server customer host and manage a self-hostable version of the app
The app developer can provide a self-hostable version of their app. Then, the site administrator can host the app according to app developer's setup and installation instructions.
The method by which the self-hostable version of the app is created and shared is up to the app developer and depends on technology that the app uses.
Advantages:
- The instance remains more secure because they aren't sharing their app credentials.
- The app developer doesn't need to worry about ing data from the instance.
Disadvantages:
- The app developer relies on the site administrator to provide infrastructure for the app and set things up correctly.
- Releasing updates to the app code may be more complex.
- The app developer may lose visibility about app performance.
The app code must use the correct URLs
Enterprise Server uses different URLs than Free, Pro, Team, and Enterprise Cloud. You should update your app code to use the appropriate URL depending on whether it is working with a Enterprise Server instance. Replace HOSTNAME with the hostname of the Enterprise Server instance.
| Free Pro Team Enterprise Cloud | Enterprise Server |
|---|---|
https://api..com | https://HOSTNAME/api/v3 |
https://api..com/graphql | https://HOSTNAME/api/v3/graphql |
https://.com/login/oauth/authorize | https://HOSTNAME/login/oauth/authorize |
https://.com/login/oauth/access_token | https://HOSTNAME/login/oauth/access_token |
The app code must be aware of feature differences
New REST API endpoints, GraphQL objects, and webhooks are released to Enterprise Server at a later date than Free, Pro, Team, and Enterprise Cloud. Additionally, there are multiple versions of Enterprise Server, and older versions may have different REST API endpoints, GraphQL objects, and webhooks.
Therefore, the app code needs to be aware of these differences. API responses and webhook payloads include a x--enterprise-version header for Enterprise Server payloads to help you determine what version you are handling.
Each Enterprise Server instance can configure rate limits
Each Enterprise Server instance can configure its own rate limits. If your app is hitting a rate limit and is already taking precautions to stay under the rate limit, you should talk to the admin of the Enterprise Server instance.