Authentication Concepts

Handling authentication in API calls

Supported Formats

- Basic Auth
- API Key (Header or Parameter based)
- OAuth 1.0
- OAuth 2.0
- OAuth 2.0 + JWT
- OAuth 2.0 + JWS

Authentication settings must be created before APIs can communicate with back-end services. Once an authentication service has been created, you can associate Tokens with it for use in the actual API call.

Video: APImetrics Authentication (https://www.youtube.com/watch?v=_pntbNZNnpc&index=6&list=PLf2DAAiR0jOYOgQLWVa6InnyzxAvisd3_)

Authentication Setup

Authentication services can be created from the Authentication Services menu.

[Image: Authentication Settings Screen]

Endpoint Domain: This is an optional field, but it can be very powerful for automating the process of onboarding more APIs, as the authentication settings will be identified from the URI.

Tokens associated with a particular Authentication Setup are shown at the bottom of the screen.

Click "Create New Token" to add new tokens.

Handling API Key Authentication

An API Key based authentication model, as is popular with many gateway services such as Mashery and Apigee, conventionally uses an identifying key that is passed into the call in the Header or Body.

As the first stage, you define the Setup for the key service. When this is saved, click the Create Token button in the Authentication service list.

[Image: Editing an API Key type token]

APImetrics handles the correct placement of the token in the API call when you come to make the call.

OAuth-Based Authentication

Handling OAuth-based authentication can be a challenge. As with API Key authentication, it is a two-stage process. You first configure the Authentication settings using the URIs provided by the service.

Additionally, you need to add the ClientID and Secret to the settings page.

[Image: Facebook OAuth 2 settings]

OAuth Token Handling

Once the OAuth service is configured, you need to get the Token. Running the Token Wizard will take you out to the service to authenticate using your personal authorization. You will then be returned to APImetrics.

Callback URL

The callback URL for the APImetrics service may be required for registering some apps.

https://apimetrics.io/callback/

Handling OAuth 2.0 Sign In Services

Some of the new OAuth 2.0 sign-in services use a username and password. These can be handled by creating a two-step workflow.
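
The two-step workflow described above, as an added example (not APImetrics' own code): step 1 exchanges the username and password for a token, step 2 sends that token with the API call. It assumes the sign-in service implements the RFC 6749 resource owner password credentials grant; the endpoint URLs, client credentials and user account are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed sample endpoints; none of these come from the APImetrics page.
TOKEN_URL = "https://auth.example.test/oauth/token"
API_URL = "https://api.example.test/v1/me"


def build_token_request(client_id, client_secret, username, password):
    """Step 1: form-encoded POST to the token endpoint (RFC 6749 section 4.3)."""
    form = {"grant_type": "password", "username": username, "password": password}
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": TOKEN_URL,  # credentials stay in the body, never in the query string
        "headers": {
            "Authorization": f"Basic {basic}",  # client authentication
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode(form),
    }


def parse_token_response(status, body):
    """Return the access token, or raise with the server's OAuth error code."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise ValueError(f"token request failed: {data.get('error', status)}")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unsupported token_type")
    return data["access_token"]


def build_api_request(access_token):
    """Step 2: the monitored API call, carrying the token obtained in step 1."""
    return {
        "method": "GET",
        "url": API_URL,
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


def run_workflow(token_status, token_body):
    """Chain both steps against a canned (constructed) token response."""
    step1 = build_token_request("client-123", "s3cret", "monitor@example.test", "p@ss w0rd")
    token = parse_token_response(token_status, token_body)
    return step1, build_api_request(token)
```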