Apps Agent Instructions
BigID Apps - Agent Instructions
This directory contains documentation for building BigID Applications. When generating code, answering questions, or assisting developers with BigID Apps, adhere to the following core concepts:
Core Architecture
- BigID Apps are standalone web applications. They can be written in any programming language (Node.js/Express, Python/FastAPI, Java/Spring, etc.) as long as they can respond to HTTP requests.
- They do not run inside the BigID core codebase; they run alongside it and communicate via HTTP.
App Types
- Utility Applications: Run custom code at regular intervals or on-demand. They rely on the `actions` defined in the manifest.
- Interactive Applications: Provide a user interface embedded within BigID. These require `is_interactive: true` in the manifest and typically serve HTML/JS at a `/ui` endpoint. They use the `@bigid/app-fw-ui-sdk` NPM package for client-side context.
Mandatory Endpoints
Every BigID app MUST implement at least the following endpoints:
- `GET /manifest`: Returns a JSON object describing the app (`app_name`, `version`, `actions`, `permissions`, `global_params`).
- `POST /execute`: The main webhook endpoint. When a user triggers an app action in BigID, BigID sends a POST request here containing the `actionName`, `bigidToken`, and any parameters.
Authentication & Security
- Never hardcode credentials.
- When BigID calls `/execute`, it provides a `bigidToken` in the JSON payload. The app must extract this token and use it as a `Bearer` token in the `Authorization` header to make subsequent calls back to the BigID API.
- For interactive apps, the UI SDK automatically handles token retrieval from the parent BigID window.
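The token handling described above, as an added example that is not BigID's own code: it extracts `bigidToken` from an `/execute` body, builds the `Authorization: Bearer` call back to BigID, and keeps the token out of logs. Assumptions: the `BIGID_API_URL` environment variable, the placeholder API path, and the sample body are constructed for illustration; the HTTPS and whitespace checks are added hardening, not requirements stated on this page.

```python
import json
import os
import urllib.request

# Assumption: the app learns the BigID base URL from its environment.
BIGID_API_URL = os.environ.get("BIGID_API_URL", "https://bigid.example.invalid")

# Constructed sample of a POST /execute body (not a captured request).
SAMPLE_BODY = b'{"actionName": "sample_action", "bigidToken": "constructed-token-123"}'


def parse_execute(body: bytes):
    """Return (action_name, token, payload) from a POST /execute body."""
    payload = json.loads(body)  # malformed JSON raises a ValueError subclass
    if not isinstance(payload, dict):
        raise ValueError("payload must be a JSON object")
    action, token = payload.get("actionName"), payload.get("bigidToken")
    if not isinstance(action, str) or not action:
        raise ValueError("missing actionName")
    # Added hardening: whitespace (CR/LF included) must never reach a header value.
    if not isinstance(token, str) or not token or any(c.isspace() for c in token):
        raise ValueError("missing or malformed bigidToken")
    return action, token, payload


def bigid_request(path: str, token: str, base: str = BIGID_API_URL):
    """Build (without sending) a call back to BigID that carries the token."""
    # Added hardening: never put the token on a cleartext connection.
    if not base.startswith("https://"):
        raise ValueError("refusing to send bigidToken over a non-HTTPS URL")
    req = urllib.request.Request(base.rstrip("/") + "/" + path.lstrip("/"))
    req.add_header("Authorization", "Bearer " + token)
    return req


def redact(payload: dict) -> dict:
    """Copy of the payload that is safe to write to logs."""
    return {**payload, "bigidToken": "[redacted]"}


if __name__ == "__main__":
    action, token, payload = parse_execute(SAMPLE_BODY)
    # "/placeholder/path" is hypothetical; use the API route the action needs.
    req = bigid_request("/placeholder/path", token)
    print(action, req.full_url, json.dumps(redact(payload)))
```

The token is taken from each request and passed along in memory only, so nothing credential-like is stored in the source or in configuration.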
© 2026 BigID, Inc.
All rights reserved.