Securing Your Integration

Grammarly provides two main options for securing your integration: origin-based authentication and trusted authentication.

Before making your web and desktop apps available in a production environment, please read over both options and choose the model that’s best suited for your application and use case.

Origin-based authentication

Origin-based authentication is the default authentication model for new Grammarly for Developers applications. In this model, you can add one or more approved HTTP origins to your app’s allowlist.

With origin-based authentication, Grammarly will only accept requests that 1) originate from an approved origin and 2) contain your application’s client ID.

Advantages of origin-based authentication

• Easy to set up
• Requires no server-side code

Disadvantages of origin-based authentication

• Your server does not control who can access the Grammarly features of your application.
• Clients are primarily validated according to a pre-configured allowlist.

Trusted authentication

Trusted authentication is a feature of the Text Editor SDK that adds an additional layer of security to your application. With trusted authentication, Grammarly generates a private key that uniquely identifies your application. Your server must then use this private key to issue an assertion, which will be sent to Grammarly each time your application validates a user session with Grammarly.

When trusted authentication is turned on, Grammarly will only allow a user access to Grammarly's assistance in your app if their assertion is signed with your private key.

Advantages of trusted authentication:

• Your server controls who can access the Grammarly features of your application.
• Clients are validated using a cryptographic key shared between you and Grammarly.

Disadvantages of trusted authentication:

• Takes time to set up
• Requires server-side code

Recommendations for production applications

Origin-based authentication is a good solution in the following scenarios:

• When you’re OK with completely anonymous users using Grammarly in your application
• When you're just getting started and want to try Grammarly for Developers with minimal effort
• When your application is in an experimental or testing environment and you’re not opening it up to production traffic
• When your application is a short-lived proof-of-concept or a demo application

Grammarly recommends that you take the extra steps to use trusted authentication as a means of authentication in the following scenarios:

• When your app is on the Grammarly for Developers Plus plan and you want to control exactly who can access paid features
• When you want to ensure that only authorized users have access to the Grammarly features of your application