Configuring authentication

Integrations allows you to save the authentication profiles for your client. As a result, you can configure the authentication once and reuse the same configuration across integrations.

To create an authentication profile, perform the following steps:

  1. Select Add new authentication profile in the Authentication profile to use field.
  2. In the Authentication profile dialog, enter the following details:
    • Profile name: Enter a custom name for the configuration.
    • Profile description: Enter a description for the configuration.
    • Authentication type: Select the type of authentication and enter the required information. The UI displays the fields required for the authentication type you select. For information on all the supported authentication types, see Types of authentication.
  3. Click Save.

After you save the profile, the newly created profile is visible in the Authorization profile to use drop-down. Select the profile from the drop-down.

Types of authentication

The type of authentication that you want to use depends on the authentication configured in the authorization server. The authorization server can be a standalone server or an API. Integrations supports the following types of authentication for connecting to your authorization server:

  • Auth token
  • Client certificate only
  • Jwt - JSON Web Token
  • OAuth2 authorization code
  • OAuth2 client credentials
  • OAuth2 resource owner credentials
  • Service account
  • Username and password

The following entries describe each authentication type and its configuration parameters.

Authentication type: Auth token
Description: Simple token-based authentication.
Configuration parameters:

  • TYPE: Type of authentication.
  • TOKEN: Authentication token.

Authentication type: Client certificate only
Description: SSL/TLS certificate-based authentication.
Configuration parameters:

  • SSL/TLS Certificate: Upload the SSL/TLS certificate and the corresponding private key.

Authentication type: Jwt
Description: JSON Web Token (JWT) based authentication. For more information on JWT, see https://tools.ietf.org/html/rfc7519.
Configuration parameters:

  • JWT HEADER: Algorithm to generate the signature.
    Note: You can only specify the HS256 algorithm.
  • JWT PAYLOAD: A set of claims. You can use registered, public, and custom claims.
  • SECRET: Shared key between the client and the authentication server.

Authentication type: OAuth2 authorization code
Description: OAuth 2.0 based authentication. In this authentication, you are redirected to review the access permissions for the Integrations application. After you authorize the application, you are redirected back to the application with a temporary code. The application uses the temporary code to get an access token to access the protected resources.
Configuration parameters:

  • AUTHENTICATION URL: URL for authentication.
  • TOKEN URL: Endpoint URL that grants or refreshes the access token.
  • CLIENT ID: Client ID provided by the authentication server.
  • CLIENT SECRET: Shared key between the client and the authentication server.
  • SCOPE: Scope of the access token. Scopes allow you to specify access permissions for users. You can specify multiple scopes separated by a space.

Authentication type: OAuth2 client credentials
Description: OAuth 2.0 based authentication. In this authentication, you first request an access token using the client credentials and then use the access token to access the protected resources.
Configuration parameters:

  • CLIENT ID: [TBD]
  • CLIENT SECRET: Shared key between the client and the authentication server.
  • TOKEN ENDPOINT: Endpoint URL that grants or refreshes the access token.
  • SCOPE: Scope of the access token. Scopes allow you to specify access permissions for users. You can specify multiple scopes separated by a space.
  • REQUEST TYPES: Mechanism to send the request parameters to the authentication server. The following request types are supported:
    • Encoder header - Encode the request parameters and send the parameters in the request header.
    • Query parameters - Send the request parameters as query parameters.
    • Request body - Send the request parameters in the request body.
  • TOKEN PARAMETERS: Request parameters required to get the token.

Authentication type: OAuth2 resource owner credentials
Description: OAuth 2.0 based authentication. In this authentication, you first request an access token using the owner credentials and then use the access token to access the protected resources.
Configuration parameters:

  • CLIENT ID: [TBD]
  • CLIENT SECRET: Shared key between the client and the authentication server.
  • USERNAME: Username for authentication.
  • PASSWORD: Password for authentication.
  • TOKEN ENDPOINT: Endpoint URL that grants or refreshes the access token.
  • SCOPE: Scope of the access token. Scopes allow you to specify access permissions for users. You can specify multiple scopes separated by a space.
  • REQUEST TYPES: Mechanism to send the request parameters to the authentication server. The following request types are supported:
    • Encoder header - Encode the request parameters and send the parameters in the request header.
    • Query parameters - Send the request parameters as query parameters.
    • Request body - Send the request parameters in the request body.
  • TOKEN PARAMETERS: Request parameters required to get the token.

Authentication type: Service account
Description: Authentication using Service Accounts in your GCP project.
Configuration parameters:

  • SERVICE ACCOUNT: Name of the service account in your GCP project.
    Note: In your GCP project, ensure that you have added the cloud-crm-ip-api-caller@prod.google.com principal with the Service Account Token Creator role.
  • SCOPE: Scope of the access permissions for users. You can specify multiple scopes separated by a space.

Authentication type: Username and password
Description: Username and password based authentication. In this authentication, you use only a username and password to authenticate with the authentication server.
Configuration parameters:

  • USERNAME: Username for authentication.
  • PASSWORD: Password for authentication.
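
The three REQUEST TYPES listed for the OAuth2 client credentials and resource owner credentials profiles place the client secret in different parts of the token request, which changes where it can leak. The added example below (not Integrations code) builds each shape for a client-credentials request; it assumes "Encoder header" corresponds to HTTP Basic client authentication as in RFC 6749 section 2.3.1, uses the standard OAuth 2.0 parameter names, and the endpoint and credentials are constructed.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit


def build_token_request(request_type, token_endpoint, client_id, client_secret, scope):
    """Return (url, headers, body) for a client-credentials token request.

    request_type is "header", "query" or "body", mirroring the three REQUEST TYPES.
    """
    grant = {"grant_type": "client_credentials", "scope": scope}
    creds = {"client_id": client_id, "client_secret": client_secret}
    form = {"Content-Type": "application/x-www-form-urlencoded"}
    if request_type == "header":
        # Assumption: HTTP Basic, with id and secret form-encoded before base64.
        pair = quote_plus(client_id) + ":" + quote_plus(client_secret)
        basic = base64.b64encode(pair.encode()).decode()
        return token_endpoint, {**form, "Authorization": "Basic " + basic}, urlencode(grant)
    if request_type == "query":
        return token_endpoint + "?" + urlencode({**grant, **creds}), {}, ""
    if request_type == "body":
        return token_endpoint, form, urlencode({**grant, **creds})
    raise ValueError("unknown request type: " + str(request_type))


def secret_exposed_in_url(url):
    """True if the URL itself carries client_secret, so it would land in access logs."""
    return "client_secret" in parse_qs(urlsplit(url).query)


def redact_url(url):
    """Log-safe form of a token URL: drop the query string entirely."""
    parts = urlsplit(url)
    return parts.scheme + "://" + parts.netloc + parts.path


if __name__ == "__main__":
    # Constructed sample values.
    endpoint = "https://auth.example.test/oauth2/token"
    for kind in ("header", "query", "body"):
        url, headers, body = build_token_request(
            kind, endpoint, "integration-client", "s3cr3t/+value", "read write")
        print(kind, "secret in URL:", secret_exposed_in_url(url), "log as:", redact_url(url))
```

Only the query-parameter form puts the secret in the URL, where proxies, server access logs and browser history routinely record it; prefer the header or body forms when the authorization server accepts them.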