Securing your App

Grammarly provides two main options for securing your application: origin-based authentication and trusted authentication.

Before making your web and desktop apps available in a production environment, please read through both options and choose the model that’s best suited to your application and use case.

Origin-based authentication

Origin-based authentication is the default authentication model configured when you create a new Grammarly for Developers application. In this model, you can add one or more approved HTTP origins to your app’s allowlist.

When you enable and configure origin-based authentication, Grammarly will only accept requests that 1) originate from an approved origin, and 2) contain your application’s client ID.

Advantages of origin-based authentication

  • Easy to set up.
  • Requires no server-side code.

Disadvantages of origin-based authentication

  • Your server does not control who can access your Grammarly application.
  • Clients are primarily validated according to an approved allowlist.

Trusted authentication

Trusted authentication is a feature of the Text Editor SDK that adds an additional layer of security to your application. With trusted authentication, Grammarly generates a private key that uniquely identifies your application. Your server must then use this private key to issue an assertion, which will be sent to Grammarly each time your application validates a user session with Grammarly.

When trusted authentication is enabled, Grammarly only grants a user access to Grammarly's assistance in your app if their assertion is signed with your private key.
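The following added example (not Grammarly's code, and not the SDK's documented assertion format) shows the trust model described above in Node.js: the server signs a short-lived assertion only for a session it has authenticated, and the verifying side rejects anything not signed with the matching key. The ES256 JWT-style encoding, the claim names, the `session` object, and the locally generated key pair are assumptions for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed stand-in key pair so the example runs offline. In the model
// described above, Grammarly generates the private key for your application.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

const b64url = (data) => Buffer.from(data).toString("base64url");
const SIG_OPTS = { dsaEncoding: "ieee-p1363" }; // raw r||s form used by ES256

// Server side: sign an assertion only for a session the server has already
// authenticated. Format and claim names are assumptions made for this example.
function issueAssertion(session, clientId, key, ttlSeconds = 60, now = Date.now()) {
  if (!session || session.authenticated !== true) {
    throw new Error("refusing to issue assertion: session is not authenticated");
  }
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "ES256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({
    client_id: clientId, sub: session.userId, iat, exp: iat + ttlSeconds,
  }));
  const input = `${header}.${payload}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key, ...SIG_OPTS });
  return `${input}.${b64url(sig)}`;
}

// Verifying side: pin the algorithm, check the signature, then check expiry.
// Returns the claims on success and null on any failure.
function verifyAssertion(token, pubKey, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!hdr || hdr.alg !== "ES256" || !claims) return null;
  const valid = crypto.verify("sha256", Buffer.from(`${header}.${payload}`),
    { key: pubKey, ...SIG_OPTS }, Buffer.from(sig, "base64url"));
  if (!valid) return null;
  if (typeof claims.exp !== "number" || claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}
```

Keeping the lifetime short and refusing to sign for unauthenticated sessions is what gives the server control over who reaches the integration; the private key never leaves the server.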

Advantages of trusted authentication

  • Your server controls who can access your Grammarly application.
  • Clients are validated using a cryptographic key shared between you and Grammarly.

Disadvantages of trusted authentication

  • Takes time to set up.
  • Requires server-side code.

Recommendations for production applications

Origin-based authentication is a good solution in the following scenarios:

  • When you’re okay with completely anonymous users using Grammarly in your application.
  • When you're just getting started and want to try Grammarly’s SDKs with minimal effort.
  • When your application is in a lab or testing environment and you’re not opening it up to production traffic.
  • When your application is a short-lived proof-of-concept or a demo application.

Grammarly recommends that you take the extra steps to use trusted authentication in the following scenarios:

  • When you use one of Grammarly’s paid subscription plans and want to control exactly who can access the paid features.
  • When you want to ensure that only authorized users have access to the Grammarly features of your application.

Last Updated: 11/22/2022, 7:01:25 PM