Setting up authentication

Authentication Overview

We offer multiple authentication methods ranging from basic auth to Oauth2. Although often used in the same sentence, authentication and authorization are not the same. Authorization happens after your identity has been authenticated (confirmed to be who you are) by an app. Thus, you are authorized to get access to data, files, and the like.

How to start setting up authentication?

In the side-menu of the app, click on Connector Auth to get to the authentication screen. Next, click on the Add button in the upper left corner. Now you should see the below screen:

Select the Connector or Helper you want to set auth up for - then:

  1. Enter a Name that describes the Connector or Helper as well as the environment e.g. DEV, Production or the like.

  2. Only enter an API Endpoint if the integration requires a subdomain or if you want to send a request e.g. against an older version of the API. You can place the full URL of endpoints later in the FlowBuilder and don't have to do it here.

  3. In the Auth Type drop-down, depending on whether we offer one or both authentication methods, you will only see those auth types that we offer. For e.g. the Rest helper we offer both, but most likely you will need basic_auth

Authentication Type

Authentication with OAuth2

Let's suppose you select Slack. Enter the name and select oauth2 and then hit Confirm:

Now you will be redirected to the Slack authentication screen that you may know from other apps. Review the content and click allow:

Authentication with Basic Auth for helpers

Basic Auth for Helpers e.g. REST Helper

To setup basic auth for the REST Helper, enter a name, select basic_auth, and enter the full API token in the Auth token field.

If the token requires a "Bearer " or "Basic " prefix enter it in full like this:

Bearer ey_my_secret_token

or

Basic ey_my_secret_token

The auth details field is usually not needed. Should your authentication require user:password base64 encoded, please combine the user:password as described, base64 encode it someone on your Computer / Mac, and then enter the base64 encoded string with the prefix like this:

Basic my_base_64encoded_token

Once all is entered, click Confirm and start using the Authentication in all of your automation flows. It is visible only on the Connector or Helper you set it up for.

Authentication with Basic Auth for Connectors

For connectors, basic auth is setup in the same way as for helpers, but we do the base64 encoding for you and save you some work. Example with Freshdesk:

E.g. for Zendesk, which requires a subdomain, Enter the full domain including the subdomain and trailing slash like:

  • Enter your API-token non-base64 encoded as it is. Locoia does the base64 encoding for you in the background.

  • Specify a subdomain. We automatically add it to the endpoint so it looks like this:

https://my-company.freshdesk.com/api/v2/

Finally, hit confirm and start using the authentication in your flows in the FlowBuilder. It is visible only on the Connector or Helper you set it up for.

Authentication with Private SSH Key

You can use authentication with a private SSH key together with a sFTP connection via the FTP Helper. When setting up a new Connector Auth for the FTP Helper, you simply have to change the Auth Type to private_ssh_key:

You then have to enter your username and upload the private key file.

Authentication Tips & Tricks

If an API has two endpoints, please create two ConnectorAuths, one for each endpoint. Example: the Dropbox API has api.dropbox.com for regular API calls and content.dropbox.com for all file-related API calls. This allows you to have individual Base-Domains per each endpoint.

Authentication FAQs

How does Locoia store authentication details?

Locoia stores authentication details, such as API keys, passwords or refresh tokens, for its users in order to connect to the respective systems on their behalf once users build flows and use those authentications.

First, authentication details are encrypted on the application level before they are stored in our database. Secondly, our database and all its content is additionally encrypted.

Who can access the authentication details?

No authentication details can be extracted in any way, other than using them as part of a request to the respective systems they are intended for as per Locoia's users.

This means no one, besides the system receiving the request, can see your credentials such as API key or passwords.

Can Locoia employees may access my account for support?

Yes, but any activity and usage of Authentication e.g. as part of a flow run is logged in audit logs. So if a Locoia employee provides support, this leaves traces and users can see exactly what happened.

Last updated