API Authentication

Last updated 8 days ago

Was this helpful?

API Authentication

You can configure your HTTP API as a data source if it requires authentication with a specific set of headers or other query params so you won't need to configure these parameters with every request.

The parameters configured in the datasource will be merged with the parameters configured in the specific request.

This article describes all available authentication methods when connecting your data source.

Authentication methods

The following standard types of authentication are available for HTTP API:

Custom headers/query params

For some API, you may need to pass the API key via Headers or Query Params, for example, in . You need to add them to the corresponding fields and proceed with connecting your data source.

Basic Auth

With this authentication method, you only need to provide your username and password.

Digest Auth

Digest Auth is similar to Basic Auth but with more focus on security. In Basic Auth, a user sends their credentials in plain text to the server thus making them easy to be intercepted by a middleman. Digest Auth, on the other hand, uses encryption algorithms to secure the transmission of user credentials.

With this authentication method, you only need to specify your username and password.

OAuth2

OAuth 2.0 is the protocol that allows UI Bakery to access data sources hosted by other web apps on behalf of the user.

Once you've selected this method, you can also choose a specific flow in the OAuth2 Flow dropdown:

Authorization Code Flow
Client Credentials Flow
Password Grant

The following parameters are available for the configuration:

UI Bakery redirect callback - Read only, should be set in the API OAuth settings
Client ID & Client secret - should be filled with values provided by the API
Authorization URL & Access Token URL - should be filled with values provided by the API
Additional params for Access Token request - any additional parameters that need to be added to the access token, for example, entity_id. They are added to the access token request's body.
Scope - a space-delimited list of permissions granted to the data source

When the Require personal user token checkbox is enabled, each user will be asked to authorise their access to API. Each user will have their own token. Data sources with personal tokens can't be used in automations or in public apps by anonymous users. If the personal token checkbox is not selected, then the token acquired during the data source creation will be used by all users.

How to use request data with OAuth 2.0

In the Data source configuration, you can use the UI_BAKERY_OAUTH2_TOKEN placeholder which will be replaced with the token value during the request. If the ID token was requested, you can use the UI_BAKERY_OAUTH2_ID_TOKEN placeholder as well.

By default, the header Authorization: Bearer UI_BAKERY_OAUTH2_TOKEN will be automatically added to each request to the data source with OAuth 2.0 enabled. You can override this behavior by adding your own Authorization header.

On the Enterprise plan, you can use the UI_BAKERY_SSO_TOKEN placeholder - it will be replaced by the token from the SSO authentication.

Token refresh

UI Bakery will try to automatically refresh the token if it's returned by API during authorization. If token refresh is not possible, the users will be prompted to give access each time the token expires.

API Key

This authentication method involves sending an API key along with the request. An API key is a unique identifier issued by the API provider to authorized users or applications and is used to identify and track API usage.

The API Key you specify in the Authentication settings section will be added as an Authorization header with the Bearer {API_KEY} value and it will be encrypted.

Usage

PreviousHTTP API NextHubSpot