Skip to main content

Overview

Managed integrations are Cartesian-provided integrations for common platforms that handle Agent embedding and end user authentication on your behalf. They are an optional part of the system — if you are integrating the Agent directly using the Agents SDK, you do not need managed integrations.

With a managed integration, Cartesian takes care of injecting the Agent tracking script and signing JWT tokens that carry end user context. End users never interact with the Cartesian platform — the integration manages everything transparently.

Supported Integrations

  • MainWP Extension — A MainWP dashboard extension that enables centralized management of the Cartesian Agent across multiple WordPress sites.

Key Concepts

Access Keys

Access keys are API credentials that a managed integration uses to authenticate with the Agent Integrations API. You create and manage access keys from the Ecosystem Hub. Each key has a name, description, and an optional expiration period.

When you create an access key, the full key value is shown only once. Store it securely — you cannot retrieve it later, but you can always create a new one.

Signing Keys

A signing key is an RSA key pair associated with your tenant. The private key is used by the Cartesian Cloud to sign JWT tokens on behalf of the managed integration. When you generate or rotate a signing key, the public key is automatically distributed to your Outposts for JWT verification — no manual configuration is needed.

Token Exchange Flow

When a managed integration needs to authenticate an end user, it uses the following flow:

  1. The managed integration authenticates with the Agent Integrations API using an access key and provides the end user's context (user ID, email, organization, roles).
  2. The API signs a JWT containing that context using your tenant's signing key and returns it.
  3. The integration provides the signed JWT to the Cartesian Agent.
  4. The Agent uses the JWT to connect to the Cartesian Outpost, which verifies the signature using the tenant's public signing key.
info

You must generate a signing key before your managed integration can exchange access keys for JWT tokens. See Managing Keys for setup instructions.

Next Steps