Refreshable token
Here are all details about configuring Connectors to authenticate with Refreshable Tokens
Introduction
The Refreshable Token authentication mechanism works similarly to OAuth2.
However, instead of the user logging into a Connector’s page, users enter their API credentials directly into Locoia.
Locoia then:
Sends the credentials to the authentication server.
Retrieves a refresh token.
Uses the refresh token to regularly obtain valid access tokens.
Header Configuration
The typical header structure for Refreshable Token authentication (except for header_key
) is:
Authentication Configuration (Standard)
Example for snov.io:
Required parameters
authorization_request_url
URL for the initial token request.authorization_request_body_template
Template for the body. Pass an empty string (""
) if no body is needed.authorization_request_headers
Headers for the token request.response_access_token_path
Path to extract access token from response.
Required Parameters for Separate Refresh Endpoints
refresh_request_url
URL to request a new access token using the refresh token.refresh_request_body_template
Template for the refresh body. Pass an empty string (""
) if no body is needed.refresh_request_headers
Headers for the refresh request.response_refresh_token_path
Path to extract refresh token from response.
Optional parameters
authorization_request_method
is optional to have the request be a GET, which is rarely the case but happens. The default is POSTrefresh_response_access_token_path
is an optional path to the access token for the refresh request. In case it's not specifiedresponse_access_token_path
will be used for the refresh request as wellresponse_access_token_path_in_header
is an optional path to the access token for the refresh request, which needs to be used, if the access token is in the header of the responseresponse_access_token_path_in_cookie
is used in order to retrieve a cookie value from the response as the access token. As there can be multiple cookies in the response, a unique string from the desired cookie needs to be specified as it's value.refresh_response_refresh_token_path
is an optional path to the access token for the refresh request. In case it's not specifiedresponse_refresh_token_path
will be used for the refresh request as well
Examples
Docuware
Docuware uses a Cookie-based authentication and additionally requires the same User-Agent
header for all requests:
In the Header configuration, the same User-Agent
needs to be specified:
Last updated
Was this helpful?