Getting started with AppFabric for productivity (preview) for application developers - AWS AppFabric
PrerequisitesStep 1. Create an AppFabric for productivity AppClientStep 2. Authenticate and authorize your applicationStep 3. Add the AppFabric user portal URL to your applicationStep 4. Use AppFabric to surface cross-app insights and actionsStep 5. Request AppFabric to verify your application

Getting started with AppFabric for productivity (preview) for application developers

The AWS AppFabric for productivity feature is in preview and is subject to change.

This section helps app developers integrate AWS AppFabric for productivity (preview) into their applications. AWS AppFabric for productivity enables developers to build richer app experiences for their users by generating AI-powered insights and actions from emails, calendar events, tasks, messages, and more across multiple applications. For a list of supported applications, see AWS AppFabric Supported Applications.

AppFabric for productivity offers app developers access to build and experiment within a secure and controlled environment. When you first start using AppFabric for productivity, you create an AppClient and register a single test user. This approach is designed to help you understand and test the authentication and communication flow between your application and AppFabric. After you've tested with a single user, you can submit your application to AppFabric for verification before expanding access to additional users (see Step 5. Request AppFabric to verify your application). AppFabric will verify application information before enabling wide spread adoption to help protect app developers, end users, and their data — paving the way for expanding user adoption in a responsible manner.

Topics

Prerequisites

Before you get started, you need to create an AWS account. For more information, see Sign up for an AWS account. You also need to create at least one user with access to the "appfabric:CreateAppClient" IAM policy listed below, which allows the user to register your application with AppFabric. For more information about granting permissions for the AppFabric for productivity features, see AppFabric for productivity IAM policy examples. While having an administrative user is beneficial, it's not mandatory for initial setup. For more information, see Create a user with administrative access.

AppFabric for productivity is only in US East (N. Virginia) during preview. Ensure you’re in this region before you start the steps below.

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appfabric:CreateAppClient"
            ],
            "Resource": ["arn:aws:appfabric:*:*:appclient/*"]
        }
    ],
    "Version": "2012-10-17"
}

Step 1. Create an AppFabric for productivity AppClient

Before you can start surfacing AppFabric for productivity insights within your application, you need to create an AppFabric AppClient. An AppClient is essentially your gateway to AppFabric for productivity, functioning as a secure OAuth application client enabling secure communication between your application and AppFabric. When you create an AppClient, you'll be provided with an AppClient ID, a unique identifier crucial for ensuring that AppFabric knows that it's working with your application and your AWS account.

AppFabric for productivity offers app developers access to build and experiment within a secure and controlled environment. When you first start using AppFabric for productivity, you create an AppClient and register a single test user. This approach is designed to help you understand and test the authentication and communication flow between your application and AppFabric. After you've tested with a single user, you can submit your application to AppFabric for verification before expanding access to additional users (see Step 5. Request AppFabric to verify your application). AppFabric will verify application information before enabling wide spread adoption to help protect app developers, end users, and their data — paving the way for expanding user adoption in a responsible manner.

To create an AppClient, use the AWS AppFabric CreateAppClient API operation. If you need to update the AppClient after, you can use the UpdateAppClient API operation to change only the redirectUrls. If you need to change any of the other parameters associated with your AppClient such as appName or description, you must delete the AppClient and create a new one. For more information, see CreateAppClient.

You can register your application with AWS services using the CreateAppClient API using several programming languages, including Python, Node.js, Java, C#, Go and Rust. For more information, see Request signature examples in the IAM User Guide. You need to use your account signature version 4 credentials to perform this API operation. For more information about signature version 4, see Signing AWS API requests in the IAM User Guide.

Request Fields

  • appName - The name of the application that will be displayed to the users on the consent page of the AppFabric user portal. The consent page asks end users for permission to display AppFabric insights inside your application. For details about the consent page, see Step 2. Provide consent for the app to display insights.

  • description - A description for the application.

  • redirectUrls - The URI to redirect end users to after authorization. You can add up to 5 redirectUrls. For example, https://localhost:8080.

  • starterUserEmails - A user email address that will be allowed access to receive the insights until the application is verified. Only one email address is allowed. For example, anyuser@example.com

  • customerManagedKeyIdentifier (optional) - The ARN of the customer managed key (generated by KMS) to be used to encrypt the data. If not specified, then AWS AppFabric managed key will be used. For more information about AWS owned keys and customer managed keys, see Customer keys and AWS keys in the AWS Key Management Service Developer Guide.

Response Fields

  • appClientArn - The Amazon Resource Name (ARN) that includes the AppClient ID. For example, the AppClient ID is a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

  • verificationStatus - The AppClient verification status.

    • pending_verification - The verification of the AppClient is still in progress with AppFabric. Until the AppClient is verified, only one user (specified in starterUserEmails) can use the AppClient. The user will see a notification in the AppFabric user portal, introduced in Step 3. Add the AppFabric user portal URL to your application, indicating that the application isn't verified.

    • verified - The verification process has been successfully completed by AppFabric and the AppClient is now fully verified.

    • rejected - The verification process for the AppClient was rejected by AppFabric. The AppClient cannot be used by additional users until the verification process is re-initiated and completed successfully.

curl --request POST \
  --header "Content-Type: application/json" \
  --header "X-Amz-Content-Sha256: <sha256_payload>" \
  --header "X-Amz-Security-Token: <security_token>" \
  --header "X-Amz-Date: 20230922T172215Z" \
  --header "Authorization: AWS4-HMAC-SHA256 ..." \
  --url https://appfabric.<region>.amazonaws.com/appclients/ \
  --data '{
    "appName": "Test App",
    "description": "This is a test app",
    "redirectUrls": ["https://localhost:8080"],
    "starterUserEmails": ["anyuser@example.com"],
    "customerManagedKeyIdentifier": "arn:aws:kms:<region>:<account>:key/<key>"
}'

If the action is successful, the service sends back an HTTP 200 response.

{
    "appClientConfigSummary": {
        "appClientArn": "arn:aws:appfabric:<region>:<account>:appclient/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "verificationStatus": "pending_verification"
    }
}

Step 2. Authenticate and authorize your application

Enable your application to securely integrate AppFabric insights by establishing an OAuth 2.0 authorization flow. First, you need to create an authorization code, which verifies your application identity. For more information, see Authorize. Then you'll exchange this authorization code for an access token, which grants your application the permissions to fetch and display AppFabric insights within your application. For more information, see Token.

For more information about granting permission to authorize an application, see Allow access to authorize applications.

  1. To create an authorization code, use the AWS AppFabric oauth2/authorize API operation.

    Request Fields

    • app_client_id (required) - The AppClient ID for the AWS account created in Step 1. Create an AppClient. For example, a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

    • redirect_uri (required) - The URI to redirect end users to after authorization you used in Step 1. Create an AppClient. For example, https://localhost:8080.

    • state (required) - A unique value to maintain the state between the request and callback. For example, a8904edc-890c-1005-1996-29a757272a44.

    GET https://productivity.appfabric.<region>.amazonaws.com/oauth2/authorize?app_client_id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111\
redirect_uri=https://localhost:8080&state=a8904edc-890c-1005-1996-29a757272a44

  2. After authentication, you’ll be redirected to the specified URI with an authorization code returned as a query parameter. For example, where code=mM0NyJ9.MEUCIHQQgV3ChXGs2LRwxLtpsgya3ybfPYXfX-sxTAdRF-gDAiEAxX7BYKlD9krG3J2VtprOjVXZ0FSUX9whdekqJ-oampc.

    https://localhost:8080/?code=mM0NyJ9.MEUCIHQQgV3ChXGs2LRwxLtpsgya3ybfPYXfX-sxTAdRF-gDAiEAxX7BYKlD9krG3J2VtprOjVXZ0FSUX9whdekqJ-oampc&state=a8904edc-890c-1005-1996-29a757272a44

  3. Exchange this authorization code for an access token using the AppFabric oauth2/token API operation.

    This token is used for API requests and is initially valid for the starterUserEmails until the AppClient is verified. After the AppClient is verified, this token can be used for any user. You need to use your account signature version 4 credentials to perform this API operation. For more information about signature version 4, see Signing AWS API requests in the IAM User Guide.

    Request Fields

    • code (required) - The authorization code you received after authenticating in the last step. For example, mM0NyJ9.MEUCIHQQgV3ChXGs2LRwxLtpsgya3ybfPYXfX-sxTAdRF-gDAiEAxX7BYKlD9krG3J2VtprOjVXZ0FSUX9whdekqJ-oampc.

    • app_client_id (required) - The AppClient ID for the AWS account created in Step 1. Create an AppClient. For example, a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

    • grant_type (required) - The value must be authorization_code.

    • redirect_uri (required) - The URI to redirect users to after authorization you used in Step 1. Create an AppClient. This must be the same redirect URI used to create an authorization code. For example, https://localhost:8080.

    Response Fields

    • expires_in - How soon before the token expires. The default expiration time is 12 hours.

    • refresh_token - The refresh token received from the initial /token request.

    • token - The token received from the initial /token request.

    • token_type - The value will be Bearer.

    • appfabric_user_id - The AppFabric user id. This is returned only for requests that use the authorization_code grant type.

    curl --location \
"https://appfabric.<region>.amazonaws.com/oauth2/token" \
--header "Content-Type: application/json" \
--header "X-Amz-Content-Sha256: <sha256_payload>" \
--header "X-Amz-Security-Token: <security_token>" \
--header "X-Amz-Date: 20230922T172215Z" \
--header "Authorization: AWS4-HMAC-SHA256 ..." \
--data "{
    \"code\": \"mM0NyJ9.MEUCIHQQgV3ChXGs2LRwxLtpsgya3ybfPYXfX-sxTAdRF-gDAiEAxX7BYKlD9krG3J2VtprOjVXZ0FSUX9whdekqJ-oampc",
    \"app_client_id\": \"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111\",
    \"grant_type\": \"authorization_code\",
    \"redirect_uri\": \"https://localhost:8080\"
}"

    If the action is successful, the service sends back an HTTP 200 response.

    {
    "expires_in": 43200,
    "refresh_token": "apkaeibaerjr2example",
    "token": "apkaeibaerjr2example",
    "token_type": "Bearer", 
    "appfabric_user_id" : "<userId>"
}

Step 3. Add the AppFabric user portal URL to your application

End users need to authorize AppFabric to access data from their applications that are used to generate insights. AppFabric removes the complexity for app developers to own this process by building a dedicated user portal (a pop-up screen) for end users to authorize their apps. When users are ready to enable AppFabric for productivity, they'll be taken to the user portal which enables them to connect and manage applications used to generate insights and cross-app actions. When logged in, users can connect applications to AppFabric for productivity and then go back to your application to explore the insights and actions. To integrate your application with AppFabric for productivity, you need to add a specific AppFabric URL to your application. This step is crucial for enabling users to access the AppFabric user portal directly from your application.

  1. Navigate to your application’s settings and locate the section for adding redirect URLs.

  2. After you find the appropriate area, add the following AppFabric URL as a redirect URL to your application:

    https://userportal.appfabric.<region>.amazonaws.com/eup_login

After you add the URL, your application will be set up to direct users to the AppFabric user portal. Here, users can log in and connect and manage their applications used to generate AppFabric for productivity insights.

Step 4. Use AppFabric to surface cross-app insights and actions

After users connect their applications, you can bring your user’s insights to improve their productivity by helping reducing app and context switching. AppFabric only generates insight for a user based on what the user has permission to access. AppFabric stores user data in an AWS account owned by AppFabric. For information about how AppFabric uses your data, see Data processing.

You can use the following AI-powered APIs to generate and surface user-level insights and actions within your apps:

  • ListActionableInsights — For more information, see the Actionable insights section below.

  • ListMeetingInsights — For more information, see the Meeting preparation section later in this guide.

Actionable insights (ListActionableInsights)

The ListActionableInsights API helps users best manage their day surfacing actionable insights based on activity across their applications, including emails, calendar, messages, tasks, and more. Returned insights will also show embedded links to artifacts used to generate the insight — helping users to quickly view what data was used to generate the insight. Additionally, the API may return suggested actions based on the insight and allow users to execute cross-app actions from within your application. Specifically, the API integrates with platforms like Asana, Google Workspace, Microsoft 365, and Smartsheet to enable users to send emails, create calendar events, and create tasks. The large language models (LLMs) may pre-populate details within a recommended action (such as email body or task name), which users can customize before execution — simplifying decision-making and enhancing productivity. Similar to the experience for end users to authorize applications, AppFabric uses the same dedicated portal for users to view, edit, and execute cross-app actions. For executing actions, AppFabric requires ISVs to re-direct users to a AppFabric user portal where they can see action details and execute them. Every action generated by AppFabric has a unique URL. This URL is available in the response of ListActionableInsights API response.

Below is a summary of the supported cross-app actions and in which apps:

  • Send email (Google Workspace, Microsoft 365)

  • Create calendar event (Google Workspace, Microsoft 365)

  • Create task (Asana, Smartsheet)

Request Fields

  • nextToken (optional) - The pagination token to fetch the next set of insights.

  • includeActionExecutionStatus - A filter which accepts list of action execution statuses. The actions are filtered based on status values passed in. Possible values: NOT_EXECUTED | EXECUTED

Request Header

  • Authorization header needs to be passed in with the Bearer Token value.

Response Fields

  • insightId - The unique id for the generated insight.

  • insightContent - This returns a summary of the insight and embedded links to artifacts used to generate the insight. Note: This would be an HTML content containing embedded links (<a> tags).

  • insightTitle - The title of the generated insight.

  • createdAt - When the insight was generated.

  • actions - A list of actions recommend for the generated insight. Action object:

    • actionId - The unique id for the generated action.

    • actionIconUrl - The icon URL for the app that the action is suggested to be executed in.

    • actionTitle - The title of the generated action.

    • actionUrl - The unique URL for the end user to view and execute the action in AppFabric’s user portal. Note: for executing actions, ISV apps will re-direct users to AppFabric user portal (pop up screen) using this URL.

    • actionExecutionStatus - An enum indicating the status of the action. The possible values are: EXECUTED | NOT_EXECUTED

  • nextToken (optional) - The pagination token to fetch the next set of insights. It’s an optional field which if returned null means there are no more insights to load.

For more information, see ActionableInsights.

curl -v --location \
  "https://productivity.appfabric.<region>.amazonaws.com"\
"/actionableInsights" \
  --header "Authorization: Bearer <token>"

If the action is successful, the service sends back an HTTP 200 response.

200 OK

{
    "insights": [
        {
            "insightId": "7tff3412-33b4-479a-8812-30EXAMPLE1111",
            "insightContent": "You received an email from James
            regarding providing feedback
            for upcoming performance reviews.",
            "insightTitle": "New feedback request",
            "createdAt": 2022-10-08T00:46:31.378493Z,
            "actions": [
                {
                    "actionId": "5b4f3412-33b4-479a-8812-3EXAMPLE2222",
                    "actionIconUrl": "https://d3gdwnnn63ow7w.cloudfront.net/eup/123.svg",
                    "actionTitle": "Send feedback request email",
                    "actionUrl": "https://userportal.appfabric.us-east-1.amazonaws.com/action/action_id_1"
                    "actionExecutionStatus": "NOT_EXECUTED"
                }
            ]
        },
        {
            "insightId": "2dff3412-33b4-479a-8812-30bEXAMPLE3333",
            "insightContent":"Steve sent you an email asking for details on project. Consider replying to the email.",
            "insightTitle": "New team launch discussion",
            "createdAt": 2022-10-08T00:46:31.378493Z,
            "actions": [
                {
                    "actionId": "74251e31-5962-49d2-9ca3-1EXAMPLE1111",
                    "actionIconUrl": "https://d3gdwnnn63ow7w.cloudfront.net/eup/123.svg",
                    "actionTitle": "Reply to team launch email",
                    "actionUrl": "https://userportal.appfabric.us-east-1.amazonaws.com/action/action_id_2"
                    "actionExecutionStatus": "NOT_EXECUTED"
                }
            ]
        }
    ],
    "nextToken": null
}

Meeting preparation (ListMeetingInsights)

The ListMeetingInsights API helps users best prepare for upcoming meetings by summarizing the meeting purpose and surfacing relevant cross-app artifacts such as emails, messages, and more. Users can quickly prepare for meetings now and don’t waste time switching between apps to find content.

Request Fields

  • nextToken (optional) - The pagination token to fetch the next set of insights.

Request Header

  • Authorization header needs to be passed in with the Bearer Token value.

Response Fields

  • insightId - The unique id for the generated insight.

  • insightContent - The description of the insight highlighting the details in a string format. As in, why is this insight important.

  • insightTitle - The title of the generated insight.

  • createdAt - When the insight was generated.

  • calendarEvent - The important calendar event or meeting that the user should focus on. Calendar Event object:

    • startTime - The start time of the event.

    • endTime - The end time of the event.

    • eventUrl - The URL for the calendar event on the ISV app.

  • resources - The list containing the other resources related to the generate the insight. Resource object:

    • appName - The app name to which the resource belongs.

    • resourceTitle - The resource title.

    • resourceType - The type of the resource. The possible values are: EMAIL | EVENT | MESSAGE | TASK

    • resourceUrl - The resource URL in the app.

    • appIconUrl - The image URL of the app to which the resource belongs.

  • nextToken (optional) - The pagination token to fetch the next set of insights. It’s an optional field which if returned null means there are no more insights to load.

For more information, see MeetingInsights.

curl --location \
  "https://productivity.appfabric.<region>.amazonaws.com"\
"/meetingContexts" \
  --header "Authorization: Bearer <token>"

If the action is successful, the service sends back an HTTP 201 response.

200 OK

{
    "insights": [
        {
            "insightId": "74251e31-5962-49d2-9ca3-15EXAMPLE4444"
            "insightContent": "Project demo meeting coming up soon. Prepare accordingly",
            "insightTitle": "Demo meeting next week",
            "createdAt": 2022-10-08T00:46:31.378493Z,
            "calendarEvent": {
                    "startTime": {
                        "timeInUTC": 2023-10-08T10:00:00.000000Z,
                        "timeZone": "UTC"
                     },
                    "endTime": {
                        "timeInUTC": 2023-10-08T11:00:00.000000Z,
                        "timeZone": "UTC"
                     },
                    "eventUrl": "http://someapp.com/events/1234",
            }
            "resources": [
                {
                    "appName": "SOME_EMAIL_APP",
                    "resourceTitle": "Email for project demo",
                    "resourceType": "EMAIL",
                    "resourceUrl": "http://someapp.com/emails/1234",
                    "appIconUrl":"https://d3gdwnnn63ow7w.cloudfront.net/eup/123.svg"
                }
            ]
        },
        {
            "insightId": "98751e31-5962-49d2-9ca3-15EXAMPLE5555"
            "insightContent": "Important code complete task is now due. Consider updating the status.",
            "insightTitle": "Code complete task is due",
            "createdAt": 2022-10-08T00:46:31.378493Z,
            "calendarEvent":{
                    "startTime": {
                        "timeInUTC": 2023-10-08T10:00:00.000000Z,
                        "timeZone": "UTC"
                     },
                    "endTime": {
                        "timeInUTC": 2023-10-08T11:00:00.000000Z,
                        "timeZone": "UTC"
                     },
                    "eventUrl": "http://someapp.com/events/1234",
            },
            "resources": [
                {
                    "appName": "SOME_TASK_APPLICATION",
                    "resourceTitle": "Code Complete task is due",
                    "resourceType": "TASK",
                    "resourceUrl": "http://someapp.com/task/1234",
                    "appIconUrl": "https://d3gdwnnn63ow7w.cloudfront.net/eup/123.svg"
                }
            ]
        }
    ],
    "nextToken": null
}

Provide feedback for your insights or actions

Use the AppFabric PutFeedback API operation to provide feedback for the generated insights and actions. You can embed this feature in your apps to provide a way to submit a feedback rating (1 to 5, where the higher rating the better) for a given InsightId or ActionId.

Request fields

  • id - The identifier of the object for which feedback is being submitted. This can be either the InsightId or the ActionId.

  • feedbackFor - The resource type for which feedback is being submitted. Possible values: ACTIONABLE_INSIGHT | MEETING_INSIGHT | ACTION

  • feedbackRating - Feedback rating from 1 to 5. Higher rating the better.

Response fields

  • There are no response fields.

For more information, see PutFeedback.

curl --request POST \
  --url "https://productivity.appfabric.<region>.amazonaws.com"\
"/feedback" \
  --header "Authorization: Bearer <token>" \
  --header "Content-Type: application/json" \
  --data '{
    "id": "1234-5678-9012",
    "feedbackFor": "ACTIONABLE_INSIGHT"
    "feedbackRating": 3
}'

If the action is successful, the service sends back an HTTP 201 response with an empty HTTP body.

Step 5. Request AppFabric to verify your application

To this point, you've updated your application UI to embed AppFabric cross-app insights and actions, and received insights for a single user. After you’re satisfied with testing and want to extend your AppFabric-enriched experience to additional users, you can submit your application to AppFabric for review and verification. AppFabric will verify application information before enabling wide spread adoption to help protect app developers, end users, and their data — paving the way for expanding user adoption in a responsible manner.

Initiate the verification process

Begin the verification process by sending an email to appfabric-appverification@amazon.com and requesting that your app be verified.

Include the following details in your email:

  • Your AWS account ID

  • The name of the application you're seeking verification for

  • Your AppClient ID

  • Your contact information

Additionally, provide the following information, if available, to help us assess priority and impact:

  • An estimated number of users you plan to grant access to

  • Your target launch date

Note

If you have an AWS account manager or AWS partner development manager, please copy them on your email. Including these contacts can help expedite the verification process.

Verification criteria

Before initiating the verification process, you must meet the following criteria:

  • You must use a valid AWS account to use AppFabric for productivity

Additionally, you meet at least one of these criteria:

  • Your organization is an AWS partner on the AWS Partner Network with at least an “AWS Select” tier. For more information, see AWS Partner Services Tiers.

  • Your organization should have spent at least $10,000 on AppFabric services within the last three years.

  • Your application should be listed on the AWS Marketplace. For more information, see the AWSMarketplace.

Await verification status update

After your application is reviewed, we'll respond via email and the status of your AppClient will change from pending_verification to verified. If your application is rejected, you’ll need to re-initiate the verification process.