eero Data Portability - Third Party Onboarding

Data Portability Overview

eero Data Portability offers authorized third parties the capability to programmatically import eero customers' data to an app or website after customers give authorization through their eero account.

This document explains how eero Data Portability works and the steps you need to take for your app or website to import customers' data. This feature is currently only available for customers who have a network that is physically located in the European Union.

 

eero Data Portability Workflow

From your organization’s app or website, an eero page will be displayed where the customer can sign in and begin importing their eero device data using their existing eero account credentials or by signing in with their Amazon account. Prior to any data transfer, eero will display a disclaimer message informing customers of the required permissions for data sharing. 


Sample eero Authorization page

On the Authorization page, customers can select Continue or Cancel. 

  • If the customer selects Cancel, the workflow ends. Your application won’t have the capability to import that customer’s data.
  • If the customer selects Confirm, eero displays the Data sharing preferences page.

On the Data sharing preferences page, eero provides options for the customers to set their preferences, acknowledge the authorization, and select the Cancel or Authorize button. 

  • If the customer selects the Authorize button, it activates eero Data Portability in your application, providing authorization to import that customer’s data.
  • If the customer selects Cancel, your application won't be authorized to import that customer's data.

After onboarding, you will receive a ‘client_id’ and ‘client_secret’, which are used for subsequent OAuth 2.0 API interactions. Once the customer selects Authorize, you will initiate the OAuth flow with eero. Your organization will save the authorization code provided in the HTTP response. You will use this authorization code and your ‘client_secret’ to request an access token and a refresh token. Save the access token and use it to call the eero Data Portability API. Access tokens automatically expire, so save the refresh token to obtain future access tokens.

 

Data Sharing Preferences

Data that is ported to your application depends on the preferences set by the customer in the Data sharing preferences page.


Data sharing preferences page

For how long do you want to grant access?

Customers select how long your application can import data by selecting a future date within the next: 

  • 1 day
  • 30 days
  • 90 days
  • 180 days
  • 1 year

Once the selected period expires, your application will be unable to import customer data unless the customer provides a new authorization. Authorization ends when a customer revokes access, or when the tokens expire. 

 

Steps to Onboard With eero

  1. Send an email to eero-data-portability-intake@amazon.com with the following details to begin the onboarding process:
    • Email address
    • Company name
    • Company address
    • Name of the business owner or legal representative
    • Please attach the business license to the email
  2. Respond to emails/queries/meeting invites from the eero/Amazon teams to help kickstart the onboarding process.
  3. A questionnaire will be shared after validating the above details. Fill in the details and share it for further validation.
  4. Respond to emails/queries during the Third Party Security Assessment until its successful completion.
  5. Send an email to privacy@eero.com to initiate the process to integrate with eero APIs, and share the TPSA (Third Party Security Assessment) ID for reference. eero will provide you with a non-disclosure agreement (NDA). Once the NDA is executed, eero will share the full documentation with you via email.
  6. Enable the customer experience (CX) in the 3P website and app.

 

Authorize Your Application With eero Portability API

Access to eero APIs is granted using the OAuth 2.0 protocol. Your application will need to integrate with eero OAuth REST APIs. eero APIs follow the standardized Authorization Code Grant protocol (https://oauth.net/2/grant-types/authorization-code/) without PKCE (https://oauth.net/2/pkce/). When a customer is authorizing you as a third party, you will receive an authorization code. The code and your client secret (provided to you beforehand) can be exchanged for Bearer Access Tokens (https://oauth.net/2/access-tokens/) and Refresh Tokens (https://oauth.net/2/refresh-tokens/).

These access tokens automatically expire at a configurable time. Once your access tokens have expired, refresh tokens can be exchanged for new access tokens. Please note that when the customer authorizes with you, they will specify an authorization duration. Once this duration is reached (for example, 1 year), all of your access tokens and refresh tokens will be revoked. The customer and eero will also have the ability to manually revoke access at any time. Once access is revoked or expired, the customer will have to reauthorize with you if they still want your services.

A full API specification will be provided once you have completed the Third party Security Assessment and are ready for onboarding. You are expected to build your application around eero APIs which can be called directly, as we do not provide extra libraries. At a high level, we will need from you: 

  • Your company name (what customers will see when authorizing)
  • Your redirect URIs. We only route to your trusted URIs.
  • Proof that your application is handling the authorization code server-side. We do not currently support client-side applications.

Once we have this, we will create your client for you and provide you with your client credentials for future OAuth authenticated requests to eero Portability API.
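Because the flow above runs without PKCE, the `state` parameter and the server-side code exchange carry the protection against forged or replayed callbacks. The following is an added example, not eero's code or part of the eero API specification: the endpoint and redirect URLs are hypothetical placeholders, the in-memory store stands in for a server-side session store, and sending the client secret in the form body is an assumption. Parameter names are the standard OAuth 2.0 (RFC 6749) ones.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders: the real endpoints come from eero's full API specification.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
REDIRECT_URI = "https://app.example.invalid/eero/callback"  # must be a registered URI
STATE_TTL_SECONDS = 600

# session id -> (state, issued_at). Stand-in for a server-side session store.
_pending = {}


def begin_authorization(session_id, client_id, now=None):
    """Build the authorization URL and bind a fresh random state to this session."""
    state = secrets.token_urlsafe(32)
    _pending[session_id] = (state, time.time() if now is None else now)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session_id, callback_url, now=None):
    """Return the authorization code, or raise ValueError if the callback is not ours."""
    params = parse_qs(urlparse(callback_url).query)
    state, issued_at = _pending.pop(session_id, ("", 0.0))  # single use: replay fails
    received = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(state.encode(), received.encode()):
        raise ValueError("state missing or does not match this session")
    if (time.time() if now is None else now) - issued_at > STATE_TTL_SECONDS:
        raise ValueError("authorization attempt expired")
    if "error" in params or not params.get("code"):
        raise ValueError("authorization was not granted")
    return params["code"][0]


def token_request_form(code, client_id, client_secret):
    """Form fields for the server-to-server code exchange (RFC 6749 section 4.1.3)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "client_secret": client_secret,  # assumption: sent in the body, not HTTP Basic
    }
```

The form returned by `token_request_form` is posted from your backend only, so the client secret never reaches the browser or mobile app.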

Connect your application with eero portability API

Once your client has been created, you will have a Client Id and a Client Secret. You can use these to create access tokens on behalf of customers as outlined in “Authorize your application”. These Bearer Tokens will be passed as headers to the eero Portability API to retrieve information related to the customer. eero APIs are REST based and all access is read-only. The data categories we provide are: 

  • Network Settings
    eero network preferences and configurations such as network SSIDs, passwords, and backup configurations.
  • eero Device Data
    Raw eero device data such as MAC addresses, IP addresses, and firmware versions.
  • Device Management
    Customer device data such as nicknames and profiles attached to devices, paused and blocked devices.
  • Security and Access
    Customer specified settings such as firewall and port forwarding rules.

A full API specification will be provided once you have completed the Third party Security Assessment and are onboarded.
