Basic Auth and Other Simple Authentication Methods

Basic Auth, Bearer Token, API Key, and other special cases.

This page covers multiple simple authentication methods:

Header-based Authentication
Special cases
- API Key in URL

Authentication Configuration

The authentication configuration is the same for all these authentication methods and only requires auth_form to be filled (thus config is always {}), e.g.:

{
  "basic_auth": {
    "auth_form": [
      {
        "name": "auth_details",
        "title": "Auth Details",
        "type": "text",
        "required": true
      },
      {
        "name": "auth_token",
        "title": "Auth Token",
        "type": "password",
        "required": true
      },
      {
        "name": "subdomain",
        "title": "Subdmomain",
        "type": "text",
        "required": true,
        "info": "Will be filled in for {{ subdomain }} in https://{{ subdomain }}.zendesk.com/api/v2/",
        "pattern": "/^[\\w-_]+$/",
        "regexErrorMessage": "The subdomain can only contain letters, numbers, -, and _"
      }
    ],
    "config": {}
  }
}

Basic Auth

Basic Auth is a simple method for authenticating HTTP requests by sending a username and password pair encoded in Base64 within the request header. Due to its simplicity, it’s commonly used for APIs and web services, but it’s typically suitable for environments that use HTTPS because it doesn’t encrypt credentials by itself.

This is an example of the standard Basic Auth:

{
  "encode": "base64",
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{identifier}}:{{token}}",
  "token_prefix": "Basic {{token_format}}"
}

Note, the identifier is the username. You can flexibly include more things in e.g. the token_format . Below is an example of Zendesk, which has an additional /token .

"token_format": "{{identifier}}/token:{{token}}"

Bearer Token

For standard Bearer Token authentication, the header looks like this:

{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{token}}",
  "token_prefix": "Bearer {{token_format}}"
}

API Key

For more flexibility, which is e.g. needed for other API Key authentication, the header_key value and token_prefix values often need to be adjusted, e.g.:

{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "api_key",
  "token_format": "{{token}}",
  "token_prefix": "{{token_format}}"
}

API Key in URL (special case)

This is not a recommended method for security reasons! But some APIs still use it.

Under the field URL Token Extension on the Connector, add {{endpoint}}&access_token={{token}} where access_token is the API key required by the Connector (i.e. change it accordingly)
Set token_in_header to false the header configuration in this case:

{
  "encode": false,
  "token_in_header": false,
  "content_type": "application/json",
  "token_format": "{{token}}"
}

The {{token}} is then replaced with the auth_token on each request.

This part of the URL is not logged in Flow Debugging, so the API Key doesn't appear in the debugger.

PreviousAWS Signature NextHow are API versioning and API updates handeled?

Last updated 3 months ago

Was this helpful?