Setup credential exchange

  • Updated on Sep 15, 2025
  • Published on Sep 3, 2025
  • 1 minute(s) read
Prev Next

MindCloud Embedded handles end users providing their credentials through our SDK modal.

However, to perform integrations on behalf of your application (for example, to sync an end user's MindCloud contacts with your platform), we need your application's credentials for that end user.

This is where credential exchange comes in. Whenever we run a workflow, we'll call your exchange endpoint to retrieve your application's authentication credentials, which allow us to authenticate with your APIs and perform the requested integrations on the end user's behalf.

To setup credential exchange follow these steps:

  1. Go to the Embedded tab and click on the Setup Credential Exchange button

  2. Now, you'll need to enter an Exchange Endpoint (from your system) that will:

    1. Accept a POST request

    2. Receive an endUserId and installationId as query param

    3. Return a valid API Key that allows us to access other routes in your system on the end user's behalf.

  3. For safety reasons, you can optionally provide a Signing Secret to make sure the request comes in from MindCloud.

    1. On every request, MindCloud will generate an X-Signature header for your verification.

    2. This signature definition is {timestamp}\n{method}\n{path} and will be hashed by SHA-256.

    3. On your end, you can optionally use the shared Signing Secret to decode this header and verify the request did indeed come from MindCloud.

Let's move on to the next step: