Auth on Behalf - Hero V17

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Auth On Behalf

User Authentication for Your Integration

Execute actions as the actual user, not as a bot. Messages, emails, and invites sent from real accounts, indistinguishable from manual actions.

Build Now Documentation

Your App

UNIPILE

Providers

Hosted Auth

Refresh Token

Webhooks

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

What is Auth on Behalf?

With Auth on Behalf, users explicitly grant your application permission to act on their connected accounts. Through a secure redirect flow, they authenticate directly with the provider, your app never touches their credentials. Once authorized, you receive a simple account_id to execute any action within their granted scope.

User Identity Mapping Link your internal user IDs to authenticated provider accounts

Redirect-Based Consent Users authorize access through provider's native consent flow

Token Abstraction Unipile manages authorization tokens, you only use a simple account_id

API Execution on Behalf All API calls are executed in the context of the authenticated user

Authentication Lifecycle

1

Generate Auth Link

Your backend requests a hosted auth URL from Unipile API

2

User Consent

User is redirected to provider's authorization screen

Secure Redirect

3

Session Established

Provider session created and tokens securely stored

4

Callback Received

Your notify_url receives account_id and user mapping

Webhook Ready

5

Execute API Calls

Make requests on behalf of the user using account_id

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Key Feature

One Link, All Auth Methods Handled

Skip the complexity of building OAuth flows, QR code scanners, session handlers, 2FA verification, and captcha management. Generate a single link—Unipile handles everything.

Without Hosted Auth

Build & maintain each auth flow separately

OAuth flows for each provider QR code scanning implementation Session & token management 2FA & Captcha handling Token refresh logic

With Hosted Auth

One redirect link, everything managed

Single API call to generate link All providers unified interface Zero maintenance overhead Webhook callback on success White-label ready

auth.yourapp.com/connect

Connect your account

Select a provider to continue

LinkedIn Session

WhatsApp QR Code

Gmail OAuth

Outlook OAuth

Telegram Phone

Instagram Session

Pre-built UI

Production-ready auth wizard with responsive design

Redirect URLs

Configure success & failure callbacks for seamless UX

Webhooks

Instant notifications with account_id mapping

White-Label

Custom domain support (auth.yourapp.com)

Build Now Documentation

Implementation in 4 Steps

From generating an auth link to executing API calls on behalf of your users

1

Generate Hosted Auth Link POST

const response = await fetch(
  "https://api.unipile.com/api/v1/hosted/accounts/link",
  {
    method: "POST",
    headers: {
      "X-API-KEY": "YOUR_API_KEY",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      type: "create",
      providers: ["LINKEDIN", "GOOGLE"],
      notify_url: "https://yourapp.com/callback",
      name: "user_123"
    })
  }
);

2

Receive Auth URL RESPONSE

// Response from Unipile API
{
  "object": "HostedAuthURL",
  "url": "https://account.unipile.com/pqb..."
}

// Redirect user to this URL
window.location.href = response.url;

3

Handle Webhook Callback WEBHOOK

// Payload received on your notify_url
{
  "status": "CREATION_SUCCESS",
  "account_id": "e54m8LR22bA7G5qsAc8w",
  "name": "user_123"
}

// Store the account_id mapping
await saveUserAccount(
  payload.name,
  payload.account_id
);

4

Execute API Calls GET / POST

// Send message on behalf of user
const message = await fetch(
  "https://api.unipile.com/api/v1/chats",
  {
    method: "POST",
    headers: {
      "X-API-KEY": "YOUR_API_KEY",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      account_id: "e54m8LR22bA7G5qsAc8w",
      text: "Hello from your app!"
    })
  }
);

Build Now Documentation

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Build It Yourself vs Unipile Hosted Auth

Connecting users to multiple providers requires handling OAuth, QR codes, sessions, 2FA, and more. See what you skip with Unipile.

Without Unipile

Build & Maintain Yourself

Multiple OAuth Implementations

Build separate OAuth flows for Google, Microsoft, and each provider with different scopes and refresh logic

QR Code Authentication

Implement QR code generation and scanning for WhatsApp Web-style connections

Session Management

Handle session-based auth for LinkedIn, Instagram with cookie management and rotation

Security Challenges

Manage 2FA verification, CAPTCHA solving, and device trust across providers

Token & Session Refresh

Build automatic refresh logic, handle expirations, and manage reconnection flows

With Unipile Hosted Auth

One Link, Everything Handled

Single API Call

Generate one redirect URL that works for all providers—OAuth, QR, or session-based

Pre-built Auth UI

Production-ready wizard handles provider selection, credentials, QR display automatically

Security Managed

2FA, CAPTCHA, device verification—all handled transparently by Unipile

Automatic Refresh

Token and session refresh happens server-side—zero maintenance on your end

Webhook Callback

Receive account_id instantly on your notify_url when connection succeeds

1

API endpoint to integrate

8+

Providers supported

0

Auth code to maintain

2 days

Average integration time

Build Now Documentation

Auth on Behalf - Section 6: Security Architecture

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Security Architecture

Enterprise-grade protection by design

Session Isolation

Each account connection is isolated and sandboxed. No cross-contamination between user sessions.

Token Abstraction

Authorization tokens are managed server-side by Unipile. You only interact with a simple account_id.

Webhook Verification

Secure callbacks with optional authentication parameters to verify request authenticity.

Automatic Reconnection Handling

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Automatic Reconnection Handling

Handle disconnections gracefully with automated workflows. When a user's session expires or credentials become invalid, Unipile notifies you instantly so you can trigger a seamless reconnection flow.

Webhook monitoring for CREDENTIALS status

Automated user notification workflow

Seamless reconnection experience

Same flow, type: "reconnect"

Webhook Alert Received

Account status changes to CREDENTIALS

status: "CREDENTIALS"

Notify User

Send email or in-app notification to reconnect

Generate Reconnect Link

Request hosted auth with type: reconnect

type: "reconnect"

Account Restored

User re-authenticates, session is restored

status: "RECONNECTED"

Auth on Behalf - Section 8: Supported Providers

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Supported Providers

Full Auth on Behalf support across all integrations

LinkedIn Messaging

WhatsApp Messaging

Instagram Messaging

Telegram Messaging

Gmail Google OAuth

Outlook Microsoft OAuth

IMAP Email Protocol

Google Calendar Calendar

Outlook Calendar Calendar

Build Now Documentation

Auth on Behalf - Section 9: CTA Final

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Get Started

Start Building with Auth on Behalf

Integrate in 2 days with comprehensive documentation and dedicated support. Connect your users' accounts securely.

Create your Unipile account

Sign up for free and get instant access to the dashboard

Access Hosted Auth documentation

Step-by-step guide to implement Auth on Behalf

Build Now Documentation

Accounts

3 Operational

0 Auth required

Name Account ID Status

John Doe

acc_01jgpb44... OK

Sarah Miller

acc_01jgpb55... OK

Alex Turner

acc_01jgpc1a... OK

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

2000+ Companies Innovating with Unipile

Trusted by industry leaders

1 API

Streamline operations for all major communication channels

2 Days

Achieve live integration quickly with minimal setup

30%

Reduction in maintenance efforts and resources

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Built-In Security and Compliance

Enterprise-grade protection for your data and workflows Learn more about our security

SOC 2 Type II

Certified

Independently audited security controls ensuring data protection and operational integrity.

GDPR

Compliant

Full compliance with European data protection regulations for user privacy.

99.9%

Platform Uptime over the last 24 months

24/7

Global Support with high-performance API

.et_pb_preload:before{--wpr-bg-0cc1caa5-7142-4e67-a0e6-948954093554: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-d7b4cbca-7246-4281-9b13-ae8a126235a9: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-b9de04fa-60a0-4b40-8c54-f3d915b4904f: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-e77d99dd-1dac-4969-ac2a-ccb7c11f8a5f: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Auth on Behalf FAQ

Common questions about user authentication and the Hosted Auth flow

01 What is Auth on Behalf and how is it different from bot APIs?

Auth on Behalf enables your app to perform actions as the actual user—not as a bot or app identity. With traditional bot APIs, recipients see the app's name instead of the user's real identity. With Auth on Behalf, messages appear exactly as if the user sent them manually—indistinguishable from native actions.

02 Do I need to store user credentials or tokens?

No. Unipile manages all authorization tokens server-side—whether they're OAuth tokens (Google, Microsoft), session tokens (LinkedIn, Instagram), or QR-based sessions (WhatsApp). You only store the account_id returned after successful authentication. This eliminates security risks associated with credential storage.

03 What is Hosted Auth and why should I use it?

Hosted Auth is a pre-built authentication wizard that handles all auth methods for you: OAuth flows (Google, Microsoft), QR code scanning (WhatsApp), session-based login (LinkedIn, Instagram), 2FA verification, and CAPTCHA challenges. Instead of building each flow separately, you generate one redirect link—Unipile handles everything else.

04 How do I implement the Hosted Auth flow?

Implementation takes 4 steps: 1) Generate a hosted auth link via our API, 2) Redirect the user to the returned URL, 3) Handle the webhook callback on your notify_url, 4) Store the account_id mapping and start making API calls. Most teams complete integration in 1-2 days.

05 What happens when a user's session expires?

When a session expires or credentials become invalid, you'll receive a webhook notification with status: "CREDENTIALS". You can then notify the user and generate a reconnection link using type: "reconnect". The flow is identical to initial authentication—seamless for both you and your users.

06 Can I use my own domain for the auth flow?

Yes. We support white-label custom domains. You can use your own subdomain (e.g., auth.yourapp.com) instead of Unipile's default URL. Simply configure a CNAME record pointing to account.unipile.com and contact our support to finalize the setup.

07 Which providers are supported?

Hosted Auth supports all Unipile providers: LinkedIn, WhatsApp, Instagram, Telegram (messaging), Gmail, Outlook, IMAP (email), and Google Calendar, Outlook Calendar (calendar). Each provider uses its native auth method (OAuth, QR code, or session)—all unified through one API.

08 What's the difference between building auth myself vs using Hosted Auth?

Building yourself means implementing multiple auth flows (OAuth for Google/Microsoft, QR scanning for WhatsApp, session management for LinkedIn), handling 2FA and CAPTCHA challenges, managing token refresh, and maintaining it all as providers change. With Hosted Auth, you generate one link—everything else is handled by Unipile with zero maintenance on your end.

Still have questions about Auth on Behalf?

View Documentation

User Authentication for Your Integration

What is Auth on Behalf?

One Link, All Auth Methods Handled

Pre-built UI

Redirect URLs

Webhooks

White-Label

Implementation in 4 Steps

Build It Yourself vs Unipile Hosted Auth

Security Architecture

Session Isolation

Token Abstraction

Webhook Verification

Automatic Reconnection Handling

Supported Providers

Start Building with Auth on Behalf

Accounts

Built-In Security and Compliance

Auth on Behalf FAQ

Let's integrate
in 2 days

Quick start video

Unipile's Guides

Join our Community

Company

Products

Use Cases

Solutions

Developers

Resources

User Authentication for Your Integration

What is Auth on Behalf?

One Link, All Auth Methods Handled

Pre-built UI

Redirect URLs

Webhooks

White-Label

Implementation in 4 Steps

Build It Yourself vs Unipile Hosted Auth

Security Architecture

Session Isolation

Token Abstraction

Webhook Verification

Automatic Reconnection Handling

Supported Providers

Start Building with Auth on Behalf

Accounts

Built-In Security and Compliance

Auth on Behalf FAQ

Let's integratein 2 days

Quick start video

Unipile's Guides

Join our Community

Company

Products

Use Cases

Solutions

Developers

Resources

Let's integrate
in 2 days