Discover and connect marketplace apps
Bergur DavidsenUpdated 2026-07-14
The Usable Marketplace helps signed-in users discover available applications and open their connection flows. Availability can depend on application status, install policy, workspace eligibility, and account access.
Do not connect an application until you understand who published it, what it requests, and how to remove its access.
Discover an application
- Sign in to Usable.
- Open
/dashboard/marketplace. - Browse or search the applications available to your account.
- Open the application detail page.
- Review its name, developer, description, category, tags, and application URL where shown.
- Check whether it is beta, active, deprecated, or otherwise limited.
- Read its connection requirements and requested permissions.
The marketplace listing is not proof that an app is suitable for your data or organization.
Review before connecting
Confirm:
- the developer identity and support contact are recognizable;
- the application URL and redirects use expected HTTPS origins;
- requested scopes match the app's stated function;
- the correct user and workspace are selected;
- the app's access policy allows the intended installation;
- retention, privacy, and removal expectations are acceptable;
- beta limitations are acceptable for the workflow.
Reject unexplained broad permissions. Do not copy credentials into an app's support chat or description.
Connect with browser OAuth
Where the app uses an authorization-code flow:
- Choose Connect.
- Verify the authorization page and signed-in account.
- Review the requested permissions.
- Approve only if the scope is appropriate.
- Allow the browser to return to the registered redirect URI.
- Confirm the app reports a successful connection.
- Test one low-risk read action.
If the redirect host is unexpected, stop rather than editing the URL manually.
Connect with Device Code
Usable released RFC 8628 Device Authorization Grant support in v1.185.0 and added a Device Code snippet to the marketplace Connect modal in v1.186.0.
For an app that exposes this flow:
- Start the connection from the app or Connect modal.
- Note the verification URL and short-lived user code.
- Open the verification URL yourself.
- Confirm the app and requested access.
- Enter the code before it expires.
- Return to the original device while it polls at the instructed interval.
- Confirm completion and test access.
Treat the user code like a temporary credential. Never send it to an unknown person or service. A client must handle pending, slow-down, expiry, and denial results rather than polling aggressively.
Verify the connection
After connecting:
- open Installed Apps at
/dashboard/marketplace/installed; - confirm the expected application appears where exposed;
- verify the connected account and workspace context;
- test the minimum expected operation;
- confirm no extra permissions were granted;
- record the integration owner and purpose outside secret values.
Installation, OAuth authorization, and workspace permission are distinct. A connected app can still receive 403 for a workspace action it was not granted.
Maintain or disconnect
Review installed applications periodically. Remove access when the app, user, or business purpose changes.
Use only disconnect, revoke, or remove controls exposed by the current Installed Apps view, the application itself, or supported token/account settings. Do not assume every application exposes the same uninstall operation.
After disconnecting:
- Confirm the app no longer has working access.
- Revoke related tokens or sessions where supported.
- Remove stale app-side credentials.
- Review downstream automation and data retention.
- Keep audit details without storing secrets.
Troubleshooting
The app is not visible
It may be draft, unavailable to your account, invite-only, approval-required, workspace-restricted, deprecated, or archived.
Connect returns to an error page
Check the registered redirect URI, account session, requested scopes, and environment. Do not add broad wildcard redirects as a shortcut.
Device Code never completes
Verify the code has not expired, the correct account approved it, and the client follows the displayed polling interval. Start a new flow rather than reusing an expired code.
Connection succeeds but the app cannot read a workspace
Check the user's workspace membership, application scope, and selected workspace. Marketplace connection does not override workspace authorization.
Installed Apps does not update
Refresh once and verify the connection's final result. Do not repeat authorization blindly; this can create confusing duplicate sessions.