Developing Trusted Application API applications for Skype for Business Online
The Trusted Application API is in Developer Preview and not licensed for production usage. As part of Microsoft’s intellgent communications vision, we’re building extensible communications capabilities into Teams. For more Teams Developer information, check out https://aka.ms/TeamsDeveloper
Learn how to develop Trusted Application API service applications.
Trusted Application API uses Azure Active Directory (Azure AD) to provide authentication services that your application can use to get the right to access a set of capabilities. To do this, you need to do the following:
Use the quick registration tool for registering Skype for Business Trusted Applications in Azure and Skype for Business Online, that eliminates the need to register an Application manually in Azure portal.
You can also manually register your application in Azure Portal, where you will get a Client ID and set an App ID URI. Refer to Registration in Azure Active Directory for details.
2. Register trusted application endpoints
Register Trusted Endpoints in a Skype for Business Online tenant using PowerShell. Refer to Setting up a Trusted Application Endpoint for details.
3. Provide consent
When the application is registered in AAD, it is registered in the context of a tenant. For a tenant to use the Service Application, for example, when the application is developed as a multi-tenant application, it must be consented to by that tenant's admin. Refer to Tenant Admin Consent for more details. 4. Authentication
Authenticate using either Client Secret or Certificate to obtain an Oauth token. Read Azure Active Directory - Service to Service calls using Client Credentials for details.
5. Call the Trusted Application API.
It is the act of finding the Trusted Application APIs home server using the discovery endpoint. This enables you to connect to the API and use the exposed capabilities.
For Service applications, please refer Discovery for Service Applications
Authentication using client credentials
All Trusted Application API endpoints require an oauth token with an Application Identity from Azure Active Directory using the client credential grant flow. This grants the permissions to the application to access the Trusted Application API resource. Please refer Azure Active Directory - Service to Service calls using Client Credentials for more details.
In this section
- Registration in Azure Active Directory
- Azure Active Directory - Service to Service calls using Client Credentials
- Tenant Admin Consent
- Set up a trusted Application Endpoint
- Registering a Trusted Application in Skype for Business Online
- Discovery for Service Applications
- Authentication and Authorization
The following topics also apply to the Trusted Application API Online service application workflow: