# Basic Auth and Other Simple Authentication Methods

This page covers multiple simple authentication methods:

* **Header-based Authentication**
  * [Basic Auth](#basic-auth)
  * [Bearer Token](#bearer-token)
  * [API Key](#api-key)
*  **Special cases**
  * [API Key in URL](#special-cases)

***

### Authentication Configuration

The authentication configuration is the same for all these authentication methods and only requires `auth_form` to be filled (thus `config` is always `{}`), e.g.:

```json
{
  "basic_auth": {
    "auth_form": [
      {
        "name": "auth_details",
        "title": "Auth Details",
        "type": "text",
        "required": true
      },
      {
        "name": "auth_token",
        "title": "Auth Token",
        "type": "password",
        "required": true
      },
      {
        "name": "subdomain",
        "title": "Subdmomain",
        "type": "text",
        "required": true,
        "info": "Will be filled in for {{ subdomain }} in https://{{ subdomain }}.zendesk.com/api/v2/",
        "pattern": "/^[\\w-_]+$/",
        "regexErrorMessage": "The subdomain can only contain letters, numbers, -, and _"
      }
    ],
    "config": {}
  }
}
```

***

### Basic Auth

Basic Auth is a simple method for authenticating HTTP requests by sending a username and password pair encoded in Base64 within the request header. Due to its simplicity, it’s commonly used for APIs and web services, but it’s typically suitable for environments that use HTTPS because it doesn’t encrypt credentials by itself.

This is an example of the standard Basic Auth:

```json
{
  "encode": "base64",
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{identifier}}:{{token}}",
  "token_prefix": "Basic {{token_format}}"
}
```

Note, the identifier is the username. You can flexibly include more things in e.g. the `token_format` . Below is an example of Zendesk, which has an additional `/token` .

```json
"token_format": "{{identifier}}/token:{{token}}"
```

***

### Bearer Token

For standard Bearer Token authentication, the header looks like this:

```json
{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{token}}",
  "token_prefix": "Bearer {{token_format}}"
}
```

***

### API Key

For more flexibility, which is e.g. needed for other API Key authentication, the `header_key` value and `token_prefix` values often need to be adjusted, e.g.:

```json
{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "api_key",
  "token_format": "{{token}}",
  "token_prefix": "{{token_format}}"
}
```

***

### API Key in URL (special case) <a href="#special-cases" id="special-cases"></a>

{% hint style="danger" %}
This is not a recommended method for security reasons! But some APIs still use it.
{% endhint %}

1. Under the field `URL Token Extension` on the Connector, add `{{endpoint}}&access_token={{token}}` where `access_token` is the API key required by the Connector (i.e. change it accordingly)
2. Set `token_in_header` to `false` the header configuration in this case:

```json
{
  "encode": false,
  "token_in_header": false,
  "content_type": "application/json",
  "token_format": "{{token}}"
}
```

The `{{token}}` is then replaced with the `auth_token` on each request.

{% hint style="success" %}
This part of the URL is not logged in Flow Debugging, so the API Key doesn't appear in the debugger.
{% endhint %}