Customer insights create value when they move—into NEXT AI for analysis and out to the tools where teams act. As the system of record for customer intelligence, NEXT AI supports both inbound (ingest) and outbound (share) integrations so data flows across workflows with a single authoritative source.
Send data into NEXT AI
Typical inputs: audio/video, transcripts (with speakers & timestamps), meeting metadata, CRM/CS events.
Recommended patterns
Auth: OAuth 2.0 (user-delegated) or server-to-server credentials.
Delivery: Webhooks (signed HMAC header) with retries; verify signatures on receipt.
Reliability: support idempotency keys on POST to handle retries safely.
Fair use: publish rate limits and error codes; advise backoff.
Minimum payload shape (example)
id, created_at (ISO 8601), type, title, text, media_url, duration_s,
participants [{name, email, role}], source_url, tenant_id
NEXT AI maps inbound objects to Threads/Highlights/Clusters and keeps source links for auditability.
Accept insights from NEXT AI
What NEXT AI sends: title/summary, description, evidence link (video/highlight URL), and optional metadata (priority, labels, requester).
Recommended patterns
Auth: OAuth 2.0 (user-delegated) for posting into a user’s workspace.
Endpoint behavior: create the target object (issue/note/task) and return its URL/id; accept idempotency to prevent dupes.
Limits: document rate limits and status codes for robust retries.
Examples
“Create a Jira issue” with NEXT AI’s insight + source link (engineers validate before acting).
“Create a GitHub issue” in a chosen repo with evidence link.
“Create a Productboard note” on the Insights board for PM triage.
Embedded (iFrame)
For tools that need to appear inside NEXT AI’s editor (design boards, whiteboards, dashboards). Provide:
Embeddable URL pattern and URL → iFrame transform (e.g.,
/file/:id→/embed/:id), name/description for the command menu, and an SVG icon.Auth: the iFrame must authenticate users itself (NEXT AI does not forward user identity in the embed).
Security & privacy expectations (baseline)
OAuth 2.0 or equivalent for delegated access; OpenID Connect recommended where sign-in is required. IETF Datatracker+1
Webhook authenticity: verify HMAC signatures (shared secret) on every event. GitHub Docs
Idempotency & retries: support idempotency keys to make retries safe. Stripe Docs
Rate limits: publish per-token or per-workspace caps to protect reliability. GitHub Docs
Data transfers: if personal data moves cross-border, support GDPR SCCs/appropriate transfer mechanisms via DPA. European Commission
Assurance: SOC 2 (or equivalent) is recommended for partner-hosted services handling customer data. AICPA & CIMA
How to apply (what to send)
Email partner@nextapp.co with:
Company & product name; your point of contact
Integration type(s): Inbound, Outbound, Embedded (iFrame)
Docs & sandbox creds (OAuth app details, endpoints, event catalog/schema)
Data categories & residency options (EU/US), retention & deletion options
Security posture (SOC 2/ISO 27001, webhook signing, audit logging)
Go-to-market plan (who benefits, example workflow)
NEXT AI reviews technical fit, security, and UX. You’ll receive sandbox access and a short checklist to validate flows end-to-end.
FAQ
Q: Which auth flows are supported?
NEXT AI partners typically use OAuth 2.0 for user-delegated actions (sharing into your tool) and server-to-server credentials for ingestion. If you expose sign-in, OpenID Connect helps standardize identity.
Q: How should we secure webhooks?
Use HMAC-signed webhooks and verify signatures on receipt. Respond quickly with 2xx, and redeliver on failure.
Q: Do you require idempotency?
Yes—treat retries safely with idempotency keys on POST so duplicate deliveries don’t create duplicate objects.
Q: What about rate limits?
Publish clear limits (per minute/hour) and return standard headers/codes so NEXT AI can back off automatically. (Example: GitHub documents primary/secondary API limits.)
Q: For embedded iFrames, what do we need to provide?
An embeddable URL pattern, the URL → embed transform, menu name/description, and an SVG icon. Your iFrame must handle user auth itself; set safe CSP/sandbox.
Q: Do we need a DPA/SOC 2?
For personal data, a DPA (and where relevant, SCCs for international transfers) is expected. SOC 2 (or equivalent) is recommended to demonstrate control effectiveness.
Q: How long is the review?
After receiving your technical packet and sandbox, NEXT AI provides a fit & security review and a short punch-list for go-live. (Timelines vary with scope/assurance needs.)