Securing your App
Grammarly provides two main options for securing your application: origin-based authentication and trusted authentication.
Before making your Web and Desktop apps available in a production environment, read over both options and choose the model that’s best suited to your application and use case.
Origin-based authentication is the default authentication model configured when you create a new Grammarly for Developers application. In this model, you can add one or more approved HTTP origins to your app’s allowlist.
When you enable and configure origin-based authentication, Grammarly will only accept requests that 1) originate from an approved origin, and 2) contain your application’s client ID.
Advantages of origin-based authentication
- Easy to set up.
- Requires no server-side code.
Disadvantages of origin-based authentication
- Your server does not control who can access your Grammarly application.
- Clients are primarily validated according to an approved allowlist.
Trusted authentication is a feature of the Text Editor SDK that adds another layer of security to your application. With trusted authentication, Grammarly generates a private key that uniquely identifies your application. Your server must then use this private key to issue an assertion, which is sent to Grammarly each time your application validates a user session with Grammarly.
When trusted authentication is enabled, Grammarly will only allow a user access to Grammarly's assistance in your app if their assertion is signed with your private key.
Advantages of trusted authentication
- Your server controls who can access your Grammarly application.
- Clients are validated using a cryptographic key shared between you and Grammarly.
Disadvantages of trusted authentication
- Takes time to set up.
- Requires server-side code.
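The server-issued assertion flow described above, as an added Node.js example that is not Grammarly's code or SDK. This page does not specify the assertion format, so the token layout, the claim names (`sub`, `aud`, `iat`, `exp`), the Ed25519 key pair, the user list and the `client_demo` ID used in testing are all assumptions for illustration.

```javascript
// Added illustration of a generic signed-assertion flow; not Grammarly's wire format.
const crypto = require("node:crypto");

// Assumption: an Ed25519 key pair stands in for the app's private key and the
// verifier's matching public key. Generated here so the example runs offline.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519");

const b64u = (value) => Buffer.from(value).toString("base64url");

// Constructed sample data: users your server has authenticated and approved.
const AUTHORIZED_USERS = new Set(["alice", "bob"]);

// Server side: issue a short-lived assertion only for approved users.
function issueAssertion(userId, clientId, nowSec, ttlSec = 300) {
  if (!AUTHORIZED_USERS.has(userId)) return null; // the server decides who gets access
  const claims = { sub: userId, aud: clientId, iat: nowSec, exp: nowSec + ttlSec };
  const payload = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return `${payload}.${b64u(sig)}`;
}

// Verifier side: accept only a correctly signed, unexpired assertion for this client ID.
function verifyAssertion(token, clientId, nowSec) {
  if (typeof token !== "string") return { ok: false, reason: "missing" };
  const parts = token.split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const [payload, sig] = parts;
  // Check the signature before parsing or trusting anything in the payload.
  const valid = crypto.verify(null, Buffer.from(payload), publicKey, Buffer.from(sig, "base64url"));
  if (!valid) return { ok: false, reason: "bad-signature" };
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (claims.aud !== clientId) return { ok: false, reason: "wrong-client" };
  if (nowSec >= claims.exp) return { ok: false, reason: "expired" };
  return { ok: true, userId: claims.sub };
}
```

Keep the private key on the server only; the browser should receive nothing but the issued assertion.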
Recommendations for production applications
Origin-based authentication is a good solution in the following scenarios:
- When you’re okay with completely anonymous users using Grammarly in your application.
- When you're just getting started and want to try Grammarly’s SDKs with minimal effort.
- When your application is in a lab or testing environment and you’re not opening it up to production traffic.
- When your application is a short-lived proof-of-concept or a demo application.
Additionally, Grammarly recommends that you take the extra steps to use trusted authentication in the following scenarios:
- When you use one of Grammarly’s paid subscription plans and want to control exactly who can access the paid features.
- When you want to ensure that only authorized users have access to the Grammarly features of your application.