Integrator Best-Practice Guide

Overview

This guide is for ticket-system vendors building a deep helpdesk integration with pcvisit (e.g. DocBee, or any partner using the Integrators enum). It focuses on recommendations, responsibilities, and pitfalls — not on repeating API call details.

Use this guide together with:

Document Purpose
Integration Manual End-to-end walkthrough with GraphQL examples, URL formats, and webhook payloads
API Reference Complete schema: operations, types, fields, and enums

Audience: Product owners and engineers at ticket-system / PSA vendors who orchestrate onboarding, sessions, webhooks, and device matching on behalf of MSP customers.

Not in scope here: pcvisit backend internals, BPL bounded-context design, or pcvisit webapp UX implementation.


Mental Model

Closed loop

pcvisit acts as the process engine for remote support: sessions run in pcvisit, results are recorded in pcvisit work history, and session completion is pushed to your webhook. Your system closes the loop by attaching duration, participants, and comments to the correct ticket and device.

flowchart LR
    subgraph integrator [Your ticket system]
        Onboard[Onboard MSP]
        Ticket[Ticket and device DB]
        WebhookEP[Webhook endpoint]
    end
    subgraph pcvisit [pcvisit]
        API[GraphQL API]
        Session[Remote session]
        WH[Webhook delivery]
    end
    Onboard -->|activate token register webhook| API
    API -->|asset sync thirdPartyIds| Ticket
    Ticket -->|SSO URL ticket_ref| Session
    Session -->|SessionCompleted| WH
    WH --> WebhookEP
    WebhookEP --> Ticket

Responsibility split

Area Your responsibility pcvisit responsibility
Onboarding UX Pre-check account, provision or link company, store token securely Create account/company, issue integrator token, send lifecycle e-mails
Team membership Explicitly add technicians before SSO (no auto-join) Enforce team limits, notify owner on add/remove
Session start Request JWT, build session URL with ticket_ref (and optional JWE) Authenticate technician, create session, persist externalContext
Session results Verify HMAC, parse payload, idempotent processing, user-friendly 4xx on business errors Deliver webhooks with retries; never require polling
Device matching Map thirdPartyIds / computerId to your records Collect and expose IDs on assets and in webhooks
Errors in your UI Display comment_for_user verbatim; branch on error Provide stable ErrorIDs and localized user text
Integration teardown Call CaDeleteIntegration or detect invalid token and prompt re-link Invalidate token, cascade-delete webhooks

Follow these phases in order for a minimal viable integration. Step-by-step API examples live in the Integration Manual — Integrator Integration.

Phase Goal Manual section
1. Setup Provision or link company, activate integration, register webhook, initial asset sync Step 1, Step 2, Step 7
2. Session start Onboard technician, issue SSO JWT, open session URL from ticket Step 3, Step 4, Step 6
3. Ticket assignment Receive SessionCompleted, match ticket/device, book time Step 8
4. Teardown Detach integration when MSP disconnects Step 9

Pilot recommendation: Implement Phase 1 + outbound session with ticket_ref + SessionCompleted webhook before optional features (JWE credentials, live asset subscription, inbound-only sessions).


Best Practices by Topic

Onboarding and provisioning

Token and JWT handling

Team membership (no auto-join)

SSO and impersonation

JWE credential handover

Webhooks

Full payload and headers: Manual — Step 8.

Device matching

External session context

Error handling

Resilience and data loss

User communication (pass-through)

pcvisit sends lifecycle e-mails and provides webapp touchpoints (onboarding, trial limits, integration removed). Your responsibilities:


Rollout Recommendations

  1. Sandbox first — use a dedicated stage GraphQL endpoint and test full loop: provision → webhook → SSO URL → complete session → receive webhook.
  2. MVP feature set: SiFindUserByMail, FirstTimeCustomerPlaceOrderOnBehalfOfIntegrator or link path, CaCreateIntegration, CaRegisterIntegrationWebhook, InviteToCompanyTeamOnBehalfOfIntegrator, SiRetrieveSignedJwt, session URL with ticket_ref, FindCurrentAssets, SessionCompleted handler.
  3. Phase 2 enhancements: JWE credentials, AmFindAssets live sync, inbound session matching, CaDeleteIntegration admin action.
  4. Security review checklist: Token storage, webhook HMAC, TLS-only callback URL, no credential logging, JWE only on known devices.

Quick Reference Map

Task Integration Manual API Reference
Check if user exists Pre-Check SiFindUserByMail
Provision new company Zero-Touch Provisioning FirstTimeCustomerPlaceOrderOnBehalfOfIntegrator
Activate integration Step 1 — CaCreateIntegration CaCreateIntegration
Register webhook Step 2 CaRegisterIntegrationWebhook
Add technician Step 3 InviteToCompanyTeamOnBehalfOfIntegrator
SSO JWT Step 4 SiRetrieveSignedJwt
JWE credentials Step 5 SiDecryptAuthToken (pcvisit webapp)
Session URL Opening a Session via Link ExternalSessionContext
Asset sync Step 7 FindCurrentAssets, AmFindAssets
Webhook handling Step 8 WebhookType, WebhookEventType
Teardown Step 9 CaDeleteIntegration
Authentication Authentication
Error codes Error Handling ErrorIDs, Failure

DocBee as Reference Implementation

Throughout the Integration Manual, DocBee is used as the concrete integratorId example. The same patterns apply to any vendor entry in Integrators once enabled for your partner credentials.

When comparing against internal specs, treat the published Manual and API Reference as the contract for implementation; they are aligned with the current GraphQL schema in public_api.schema.json.