Locoia
  • Overview
  • Account and User Settings
    • User types
    • Adding Users
    • Teams
    • Access Permissions
    • 2 Factor Authentication 2FA
    • Versioning and Snapshots
    • Activity Log
  • Reset your Password
  • Invoices and Payments
  • Automation
    • Flow Builder
      • Flow Building Best Practices
      • Jinja Template Language
        • Jinja: (Custom) variables, wildcards and functions
        • Magic Code Samples
      • Connectors & APIs
        • Titles and References
        • Referencing data of objects, lists, arrays - how to pass data dynamically
        • Accessing Objects with JSONPath
        • Merging nested JSON objects
        • Parsing JSONs from String
        • Response Headers & Status Codes
        • Custom Data Fields
        • Wildcard API calls and actions
        • Response cleaning
      • Text Strings, Date & Time, Numbers and Currencies
        • Text and Strings
        • Dates & Time
        • Numbers (Thousand Separators, Currencies)
      • Email-formatting
      • Code Fields
      • Running single Flow steps
      • Flow run data retention, logging, and error notifications
      • Advanced View
      • Dynamic Title
      • Custom Error Handling
      • Error Handling Flows
      • Automatic Pagination
    • Flow Debugger
      • Automatic Retrying
      • Run Flows again
      • Troubleshooting Flows
    • Community Library
  • Connectors & Helpers
    • Connectors
      • Monday.com
      • ActiveCampaign
      • Aircall
      • Allthings
      • Amplitude
      • Animus
      • Assetti
      • Awork
      • AWS RDS Database - How to connect
      • bubble.io
      • Casavi
      • Chargebee
      • CleverReach
      • comgy
      • commercetools
      • Everreal
      • Exact Online
      • Facebook Marketing
      • Fahrländer Partner
      • FastBill
      • FILESTAGE.io
      • Freshdesk
      • Freshsales
      • Google Ads
      • Google Ads Lead Form
      • Google Analytics
      • Google Chat
      • Google Drive
      • Google Sheets
      • Gmail
      • HubSpot
      • Heyflow
      • iDWELL
      • ImmobilienScout24
      • Instagram Ads
      • Intercom
      • klaviyo
      • Kiwi Opening Doors
      • Klenty
      • Klipfolio
      • Kolibri CRM
      • konfipay
      • KUGU
      • Shopify
      • S3 AWS
      • SQS AWS
      • Lambda AWS
      • Learnster
      • lexoffice
      • LineMetrics
      • Linkedin
      • Locoia
      • Notion
      • MailGun
      • Makula
      • Microsoft Dynamics 365
      • Microsoft OneDrive
      • MixPanel
      • MongoDB
      • Odoo
      • OnFleet
      • OnOffice
      • Oracle NetSuite
      • Outbrain
      • Quickbooks
      • Trello
      • PandaDoc
      • Personio
      • Pinterest Ads
      • Pipedrive
      • Plentific
      • PriceHubble
      • relay
      • REALCUBE
      • Sage ERP
      • Salesforce
      • SAP
      • Scoro
      • Seafile
      • sevDesk
      • SharePoint
      • SharpSpring
      • Slack
      • Snapchat Marketing
      • Snowflake
      • Teamleader Focus
      • Teamwork.com
      • Tableau
      • TikTok
      • TinQwise
      • The Trade Desk
      • Twitter
      • Typeform
      • WordPress
      • Xero
      • Youtube
      • Zendesk
      • Zoho CRM
      • Zoom
    • Helpers
      • Scheduler
      • Webhook
      • Dict Helper
      • Spreadsheet Helper
      • REST Helper
      • Boolean Helper
      • Multi Case Helper
      • Looper
      • FTP Helper
      • CSV Helper
      • XLSX Helper
      • Mail Sender
      • Flow Trigger
      • File Storage Helper
      • Terminate Helper
      • Delay Helper
      • SQL Connector
      • PDF Helper
      • Zip Helper
      • Data Warehouse Helper
      • XML Helper
      • Form Helper
      • Arrow
      • Error Arrow
    • Authentication Types Available
      • Setting up authentication
      • OAuth1
      • OAuth2
      • Refreshable token
      • AWS Signature
      • Basic Auth and Other Simple Authentication Methods
      • How are API versioning and API updates handeled?
      • Custom OAuth2 clients (apps)
    • Building Connectors
      • Base Connector Setup
        • Connector Auth Validation
        • GraphQL APIs
        • Rendering with User Input
      • Building Connector Actions
        • Actions Examples
      • Search Automation
      • Pagination Automation
      • Uploading Files in Actions
      • Working with SOAP APIs
    • Super Actions
    • Webhook Trigger for Connectors
    • Data Mapping and Env Variables
  • Embed - White Label Portal
    • Embed Overview
      • 1. Embed Flow
        • 1.1 Creating Embed Flows
        • 1.2 Updating Embed Flows
        • 1.3 Embed Error Handling
        • 1.4 Setting up Callbacks for Integration activation/deactivation
        • 1.5 Setting up Remote search
        • 1.6 Setting up End User logs
      • 2. Configure Embed
        • 2.1 Embed Integration via SSO
        • 2.2 Proprietary connector setup
        • 2.3 Sharing level
        • 2.4 Consent screen
        • 2.5 Account Secrets
        • 2.7 Further settings
      • 3. Integrate Embed
        • 3.1 iframe vs native embed
        • 3.2 Customizing CSS
        • 3.3 Events emitted from iframe to parent window
      • 4. Embed for End User
        • 4.1 Embed Remote Search
        • 4.2 Embed End User Logs
      • 5. Test Embed Configuration
        • Testing example
      • 6. Embed Integrations and Connector Auths
    • Embed FAQs
  • Data and Dashboards
    • Dashboards & Insights
      • Introduction to Dashboards
      • Introduction to Insights
      • Introduction to Data Sources
      • Dashboard Filters
      • Insight Marketplace - Using Pre-Built Insights
      • Writing SQL Queries
      • Useful SQL Examples
      • Charts
        • Line Chart
        • Bar and Horizontal Bar Chart
        • Stat Card
        • Pie Chart
        • Gauge Chart
        • Donut Chart
        • Stacked Bar, Horizontal Stacked Bar, and Normalized Horizontal Stacked Bar
        • Multiple Line Chart
        • Pivot Table
        • Map Chart
  • Best Practice Guides
    • Integration Best Practices
    • Integration Check List
    • CSV Files in Excel
    • Multi-Tenant Flows
    • On-Premise Integrations
    • Database Connection Setup
    • Data and General Security
    • Using Tags
    • FAQ
  • API
    • Locoia API Authentication - Personal Access Token
    • Create Connector Authentication
  • Contact us
  • Status of Service
  • Data Privacy
  • Imprint
Powered by GitBook
On this page
  • Authentication Configuration
  • Basic Auth
  • Bearer Token
  • API Key
  • API Key in URL (special case)

Was this helpful?

  1. Connectors & Helpers
  2. Authentication Types Available

Basic Auth and Other Simple Authentication Methods

Basic Auth, Bearer Token, API Key, and other special cases.

PreviousAWS SignatureNextHow are API versioning and API updates handeled?

Last updated 10 days ago

Was this helpful?

This page covers multiple simple authentication methods:

  • Header-based Authentication

  • Special cases

Authentication Configuration

The authentication configuration is the same for all these authentication methods and only requires auth_form to be filled (thus config is always {}), e.g.:

{
  "basic_auth": {
    "auth_form": [
      {
        "name": "auth_details",
        "title": "Auth Details",
        "type": "text",
        "required": true
      },
      {
        "name": "auth_token",
        "title": "Auth Token",
        "type": "password",
        "required": true
      },
      {
        "name": "subdomain",
        "title": "Subdmomain",
        "type": "text",
        "required": true,
        "info": "Will be filled in for {{ subdomain }} in https://{{ subdomain }}.zendesk.com/api/v2/",
        "pattern": "/^[\\w-_]+$/",
        "regexErrorMessage": "The subdomain can only contain letters, numbers, -, and _"
      }
    ],
    "config": {}
  }
}

Basic Auth

Basic Auth is a simple method for authenticating HTTP requests by sending a username and password pair encoded in Base64 within the request header. Due to its simplicity, it’s commonly used for APIs and web services, but it’s typically suitable for environments that use HTTPS because it doesn’t encrypt credentials by itself.

This is an example of the standard Basic Auth:

{
  "encode": "base64",
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{identifier}}:{{token}}",
  "token_prefix": "Basic {{token_format}}"
}

Note, the identifier is the username. You can flexibly include more things in e.g. the token_format . Below is an example of Zendesk, which has an additional /token .

"token_format": "{{identifier}}/token:{{token}}"

Bearer Token

For standard Bearer Token authentication, the header looks like this:

{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "Authorization",
  "token_format": "{{token}}",
  "token_prefix": "Bearer {{token_format}}"
}

API Key

For more flexibility, which is e.g. needed for other API Key authentication, the header_key value and token_prefix values often need to be adjusted, e.g.:

{
  "encode": false,
  "token_in_header": true,
  "content_type": "application/json",
  "header_key": "api_key",
  "token_format": "{{token}}",
  "token_prefix": "{{token_format}}"
}

API Key in URL (special case)

This is not a recommended method for security reasons! But some APIs still use it.

  1. Under the field URL Token Extension on the Connector, add {{endpoint}}&access_token={{token}} where access_token is the API key required by the Connector (i.e. change it accordingly)

  2. Set token_in_header to false the header configuration in this case:

{
  "encode": false,
  "token_in_header": false,
  "content_type": "application/json",
  "token_format": "{{token}}"
}

The {{token}} is then replaced with the auth_token on each request.

This part of the URL is not logged in Flow Debugging, so the API Key doesn't appear in the debugger.

Basic Auth
Bearer Token
API Key
API Key in URL