Provider Authentication Overview

About

By the end of this section, the objective is to successfully authenticate your application and link provider credentials to Leaf, enabling you to start integrating standardized data from major agricultural providers. Ultimately you'll want your customers to be able to integrate their (user-permissioned) data from their providers into your application. So in order to set this up at the user level, you'll need to attach the user token from the provider to the Leaf User.

TIP: Once you get to the stage of building the user authentication UI for your customers integrating their providers, we recommend using our pre-built Leaf Link widget.

Provider authentication process with Leaf

Each data provider's authentication flow is slightly different. Please refer to the tutorials below for the steps:

This authentication flow has to be done only once in most cases. Leaf will manage the tokens and refresh them when needed.

Provider environments

Some providers utilize distinct environments, which Leaf categorizes as STAGE (also known as Sandbox or Test) and PRODUCTION. It's crucial to align the clientEnvironment setting in your Leaf credentials request with your application's status and the type of provider accounts you intend to use:

  • STAGE: Use this environment for development and testing. It typically requires corresponding test accounts from the provider. Real customer accounts usually won't work in this environment. Leaf often defaults to this environment.
  • PRODUCTION: Use this environment only when your application has received production access approval from the provider. This environment works with real customer accounts, but test/sandbox accounts often won't function here.

Ensure your application has the necessary permissions from the provider for the environment you select (especially for Production). Mismatched environments or permissions will likely result in non-functional credentials. Refer to specific provider documentation (like John Deere's or CNHI's) for details on their environment requirements and approval processes.

Provider scopes

Some providers like John Deere and Climate FieldView keep their resources under specific permissions, which means the user needs to grant access during the authentication process mentioned before. The allowed permissions are grouped in Leaf products as described below:

ScopeDescription
FIELDS:READRequests permission to access the field boundaries entities from the provider
FIELDS:WRITERequests permission to create field boundary entities in the provider
OPERATIONS:READRequests permission to fetch and download operation data and files from the provider
PRESCRIPTION:READRequests permission to fetch and download prescription data and files from the provider
PRESCRIPTION:WRITERequests permission to upload prescription files to the provider
ASSETS:READRequests permission to get asset information like machines, implements, and operators from the provider
PRODUCTS:READRequests permission to get products and varieties information from the provider, like fertilizers, and chemicals
ZONES:READRequests permission to get zone information from the provider

The scopes can be used in the Leaf authentication URL helper or in the application key information from Leaf Link.

Provider credentials endpoints

For more details about provider credentials endpoints, see below for:

Also, we recommend use our Providers Integrations Resources endpoint to debrief the ingested resources from the authenticated account. With the Providers Integrations Resources, you can access all the relevant information between the authentication and the processing of your resources ingested into Leaf's API. The resource summary gives you more visibility on what and how many resources are being processed.

Need more guidance? Contact us at help@withleaf.io.