Greetings everyone! I am the gamification admin for our org and we recently started using an external BPO for our weekend shifts. I want to share a real-time performance dashboard with their management team so they can see their agent scores and leaderboards. However, for security reasons, I cannot give them full access to our Genesys Cloud organization. I am looking for a way to use the Platform API to extract the specific BPO metrics and display them in a custom web portal that is accessible outside of our corporate network. How do I handle the OAuth authentication for this external portal without exposing our client secrets?
Hello. This is such a great way to improve collaboration with your BPO! We do something similar for our scheduling updates. You should never put your client secrets in the front end of your web portal. Instead, you should build a small back end service that handles the OAuth flow with Genesys Cloud.
Your portal then talks to your own API, which acts as a proxy. This way, the BPO only sees the data you want them to see, and your credentials stay safe on your server.
From a DevOps perspective, I recommend using a ‘Client Credentials’ grant for your proxy service. You can use Terraform to create a dedicated OAuth client for this purpose with the absolute minimum scopes required to read the gamification data. Then, use a tool like AWS API Gateway to expose the data to your BPO.
It is a very clean and secure architecture that keeps your main organization protected while still providing the visibility the BPO needs.
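A minimal sketch of the proxy pattern the replies describe, added here as an example and not code from the thread or from Genesys: the back end performs the Client Credentials grant, caches the token, and returns only allowlisted BPO agents to the portal. The environment variable names, region hosts, agent allowlist, and the leaderboard path and response shape are assumptions to confirm against the Platform API reference.

```python
import base64, json, os, time, urllib.parse, urllib.request

# Assumptions (not from the thread): env var names, region hosts, the agent
# allowlist, and the leaderboard path/response shape; check the API reference.
LOGIN_HOST = os.environ.get("GC_LOGIN_HOST", "login.mypurecloud.com")
API_HOST = os.environ.get("GC_API_HOST", "api.mypurecloud.com")
LEADERBOARD_PATH = "/api/v2/gamification/leaderboard/all"
BPO_AGENTS = {"bpo-user-1": "Agent A", "bpo-user-2": "Agent B"}  # constructed
_token = {"value": None, "expires_at": 0.0}

def build_token_request(client_id, client_secret):
    """Client Credentials request; the secret is only ever read server-side."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"https://{LOGIN_HOST}/oauth/token",
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")

def get_token():
    """Cache the access token in memory and refresh shortly before expiry."""
    if _token["value"] is None or time.time() > _token["expires_at"] - 60:
        req = build_token_request(os.environ["GC_CLIENT_ID"], os.environ["GC_CLIENT_SECRET"])
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = json.load(resp)
        _token.update(value=body["access_token"], expires_at=time.time() + body["expires_in"])
    return _token["value"]

def filter_for_bpo(leaderboard, allowed=BPO_AGENTS):
    """Keep only allowlisted agents and only the fields the portal needs."""
    rows = [{"agent": allowed[uid], "rank": l.get("rank"), "score": l.get("score")}
            for l in leaderboard.get("leaders", [])
            if (uid := l.get("user", {}).get("id")) in allowed]
    return sorted(rows, key=lambda r: r["rank"] or 0)

def bpo_leaderboard(params):
    """Proxy call: `params` come from server config, never from the portal request."""
    qs = urllib.parse.urlencode(params)
    req = urllib.request.Request(f"https://{API_HOST}{LEADERBOARD_PATH}?{qs}",
                                 headers={"Authorization": f"Bearer {get_token()}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return filter_for_bpo(json.load(resp))
```

The portal-facing route returns only the output of `bpo_leaderboard`, so neither the access token nor the raw Genesys Cloud payload reaches the browser.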