Authentication Types

Step 2: Select the Allowed Authentication Type

Once the system basics are entered, the next step is to choose the authentication required for connecting to this system. By default, Basic Authentication is selected. You can delete the authentication by clicking on the three dots and add your preferred type by clicking on Add Authentication Button. If applicable, fill the authentication details and click on Save and Continue Button.

As of now, only one authentication type can be configured for a version of a system.

Authentication Methods

DCKAP Integrator supports five types of authentications

  1. No Authentication

  2. Dynamic Token Authentication

  3. Basic Authentication

  4. OAuth1.0

  5. OAuth2.0

No Authentication

This is the authentication that can be used when we don’t have any authentication or when we want to use a static API Key or Bearer Token for Authentication.

How to set up a static API Key Authentication?

  • Add a new credential input in the next step to get the static API Key or Bearer Token - Example:

Display Name
Key
Type

API Key

key

input

  • To use the key in API Manager Section, add header in the below format

Authorization

Bearer {{inputs.key}}

If all APIs use the same field, add it to API Common Fields in API Manager instead of manually typing it out.

Dynamic Token Authentication

Gets access tokens through one or more token endpoints. Manually add them to API headers or parameters.

Configure the API details for getting the token

If you want to make an API call and use that result in the next API call, you can use the format {{<step_number>.<key_name>}}

Example: {{1.client_id}}

The result of the last API is stored and that can be used via {{token.<keyname>}} format in API Manager Section. If the last API returns {“access_token”: “123”}, to use it in API Manager Section as Bearer 123, configure it as {{token.access_token}}.

Mention the Authorization header or param explicitly in API Manager. If all APIs require the header, configure it in API Manager Common Fields.

Basic Authentication

Basic Authentication is a simple authentication method where the client sends a username and password encoded in Base64 with each HTTP request.

You don’t need to manually add the Authorization header in your API definitions. DCKAP Integrator automatically gets username and password from the system user and handles authentication by auto-populating the required header in the API Call for you. To skip this autopopulation for any of the APIs, choose Skip Auth in API Manager.

OAuth1.0

Allows clients to access protected resources using pre-obtained token credentials - consumer key, secret, access token, and token secret - without requiring interactive user authorization during each request.

You don’t need to manually add the Authorization header in your API definitions. DCKAP Integrator automatically gets the necessary fields from the system user and handles authentication by auto-populating the required header in the API Call for you. To skip this autopopulation for any of the APIs, choose Skip Auth in API Manager.

OAuth2.0

A widely adopted protocol that provides secure, token-based authentication and authorization.

Grant Type

DCKAP Integrator supports Authorization Code Grant and Authorization Code Grant with PKCE (Proof Key for Code Exchange).

Redirect URL

Configure the given redirect URL in your system

Authorization URL

Authorization URL should begin with https

Scope

If there are many scopes, separate with a space in between. Ensure that you enable offline token access via scope.

Token URL

Token URL should begin with https

Client ID

Configure your app’s client ID

Client Secret

Configure your app’s client secret

Add Client Authentication To

Choose where the client details should be sent when the Token URL is hit in Header/Body

Authorization Key

Key Name of Authorization Field - Example: Authorization

Authorization Format

If your token API Call returns {“access_token”: “123”} and you want to send “Bearer 123” in your request, mark the authorization format as Bearer {{token.access_token}}

Add Authorization Data to

When making API calls, where should the Authorization Key and Value be added - if in header, choose Request Headers, if in Params, choose URL

By default, this authorization data is added to all API Calls. To skip this for any API Call, choose Skip Auth in API configuration.

Last updated

Was this helpful?