The OAuth 1.0 authentication standard enables applications to grant access to their protected resources without disclosing their credentials to the consumer. OAuth 1.0 creates a generic methodology for API authentication. It uses tokens generated by the service provider instead of the user’s credentials for requests to protected resources, and it has become required or preferred by providers like Magento and Twitter.
You can select this option to connect to any OAuth 1.0-compliant app that does not have a prebuilt integrator.io connection, or you can build your own OAuth 1.0 connection for a supported app and exercise finer control over each setting, as described below.
- OAuth 1.0 is a three-stage workflow, where the client first gets temporary credentials, performs authorization, and exchanges the temporary credentials for permanent long-lived tokens. This connector type assumes that you have already completed these steps and obtained the long-lived token and secret before setting up an OAuth 1.0 connection using endpoints. However, in the near future, Celigo will launch an upgraded OAuth 1.0 connector with the ability to retrieve the credentials for you.
- OAuth 1.0 requires signed requests with complicated signature methods. While establishing the OAuth 1.0 connection, integrator.io will sign the request using the signature method that you choose below.
A. Set up an HTTP connection
Start establishing a connection in either of the following ways:
- From the Resources menu, select Connections. Then, click + Create connection at the top right.
- While working in a new or existing integration, you can add an application to a flow simply by clicking Add source or Add destination/lookup. From the Application list, under Universal connectors, select HTTP.
- After the HTTP Application is added, click the Connection setting’s + button to proceed.
B. Provide general HTTP connection settings
Edit the General settings specific to your account and this connection resource.
Name (required): Enter a clear and distinguishable name. Throughout integrator.io imports and exports, you will have the option to choose this new connection. A unique identifier will prove helpful later when selecting it from a list of the connections in your account.
Application (required, non-editable): A reminder of the app you’re editing.
Mode (required): Select one of the following options:
- Cloud to connect to a publicly accessible server application.
- On-premise to connect to a server that is publicly inaccessible and has an integrator.io agent installed on it.
Agent (required, if On-premise selected for Mode; otherwise not displayed): Select an agent from the list. To connect to an on-premise application, integrator.io requires that an agent be installed on a networked computer. An agent is a small application that allows you to connect to data behind your firewall. When installing an agent, you will specify a unique access token, which then populates the Agent drop-down list. The installed agents connect to integrator.io and establish a reverse SSH tunnel, allowing secure communication without the need to whitelist integrator.io IP addresses in your firewall settings. A single agent can be used by multiple different connections.
C. Edit OAuth 1.0 settings
Continuing in the Create connection panel, select OAuth 1.0 for the Auth type. The settings then become specific to OAuth 1.0.
As with all universal API connections, the parameters are unique to the vendor’s conventions. Before proceeding, review the developer documentation and your account settings.
Signature method (required): Select the required method to sign the API call:
- HMAC-SHA1
- HMAC-SHA256
- HMAC-SHA512
- RSA-SHA1
- RSA-SHA256
- RSA-SHA512
- PLAINTEXT
Consumer key (required): Enter your consumer key. The consumer uses this value to identify itself to the service provider. This is enabled and required for all the Signature methods.
Consumer secret (required): Enter your consumer secret. The consumer uses this password to establish ownership of the consumer key. This is enabled and required when Signature method is HMAC-SHA1, HMAC-SHA256, HMAC-SHA512, or PLAINTEXT. Multiple layers of protection, including AES 256 encryption, are in place to keep your secret safe. When editing this connection, you must re-enter this value each time; it is stored only when the connection is saved and never displayed as text.
Access token (required): Enter the access token. The consumer uses this token to gain access to the protected resources on the user's behalf. This is enabled and required for all the Signature methods. Multiple layers of protection, including AES 256 encryption, are in place to keep your token safe. When editing this connection, you must re-enter this value each time; it is stored only when the connection is saved and never displayed as text.
Token secret (required): Enter the token secret. The consumer uses this secret to establish ownership of a provided token. This is enabled and required when Signature method is HMAC-SHA1, HMAC-SHA256, HMAC-SHA512, or PLAINTEXT. Multiple layers of protection, including AES 256 encryption, are in place to keep your secret safe. When editing this connection, you must re-enter this value each time; it is stored only when the connection is saved and never displayed as text.
Consumer private key (required): Enter the consumer private RSA key. This key is used to sign the API call request. This is enabled and required when Signature method is RSA-SHA1, RSA-SHA256, or RSA-SHA512.
Realm (optional): Enter the realm value. For more information, see your application's API documentation.
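How the HMAC and PLAINTEXT signature methods listed above use the consumer secret and token secret, and why the realm is not covered by the signature, shown as an added example (not integrator.io's own code). The request and credentials are the published sample values from the OAuth Core 1.0 specification appendix; the function names are illustrative and default-port normalization of the URL is omitted.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

HASHES = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256,
          "HMAC-SHA512": hashlib.sha512}

def pct(value):
    # OAuth 1.0 percent-encoding: everything except unreserved characters.
    return quote(value, safe="-._~")

def base_string(http_method, url, oauth_params):
    # Signature base string: METHOD & encoded base URI & encoded sorted params.
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    # realm and oauth_signature are never part of the signed data.
    encoded = sorted((pct(k), pct(v)) for k, v in pairs
                     if k not in ("realm", "oauth_signature"))
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([http_method.upper(), pct(base_uri), pct(normalized)])

def sign(method, base, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    if method == "PLAINTEXT":
        return key  # the secrets themselves: nothing binds them to the request
    digest = hmac.new(key.encode(), base.encode(), HASHES[method]).digest()
    return base64.b64encode(digest).decode()

def verify(method, base, consumer_secret, token_secret, presented):
    expected = sign(method, base, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)  # constant-time compare

# Sample request and credentials (specification sample values, not real secrets).
URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
CONSUMER_SECRET, TOKEN_SECRET = "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"
PARAMS = {"realm": "http://photos.example.net/",
          "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
          "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1191242096",
          "oauth_nonce": "kllo9940pd9333jh", "oauth_version": "1.0"}

def demo():
    base = base_string("GET", URL, PARAMS)
    altered = base_string("GET", URL.replace("original", "thumbnail"), PARAMS)
    sig = sign("HMAC-SHA1", base, CONSUMER_SECRET, TOKEN_SECRET)
    return {"signature": sig,
            "altered_request_accepted": verify("HMAC-SHA1", altered, CONSUMER_SECRET, TOKEN_SECRET, sig),
            "plaintext_changes_with_request": sign("PLAINTEXT", base, CONSUMER_SECRET, TOKEN_SECRET)
                                              != sign("PLAINTEXT", altered, CONSUMER_SECRET, TOKEN_SECRET)}

if __name__ == "__main__":
    print(demo())
```

With an HMAC method, changing any signed parameter invalidates the signature; with PLAINTEXT the value sent is the two secrets joined by `&`, so it is only appropriate over TLS.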
This section is collapsed by default since all of its settings are optional.
Override HTTP status code for auth errors (optional): Provide an alternate status code if the HTTP status code for auth errors returned by this app is not the standard 401. For example, for an API that returns a generic 400 status code, enter 400 and then specify the field in the HTTP response body that indicates auth errors.
Path to auth error field in HTTP response body (optional): If the API returns a field that contains auth errors in the HTTP response body, enter the JSON path to that field. For example, when an API returns the field errorMessage with the value Auth failed, then enter errorMessage as the path.
Auth error values (optional): If you supplied a fail path above, enter the exact values that the API will return to indicate auth errors. Separate multiple values with commas.
D. Edit common HTTP settings
Additional HTTP settings are found in the other sections in the Create connection panel (optional sections are collapsed by default):
- Application details (contains the required settings Base URI and Media type)
- Non-standard API rate limiter
- How to test this connection?
- Advanced
For complete documentation of these settings, see Fundamentals of HTTP connections.
E. Save and test the connection
Once you have configured the HTTP connection, you have a few options for continuing:
- Save – click this button to test the connection and commit the new connection so that it will be available to all integrations for your account
- Save & close – click to test and save the connection and exit the Create connection panel
- Close – click to exit without saving any new changes
- Test connection – click this button to verify that your new connection is free of errors
When you test or save the connection, it is verified before continuing.
If the connection fails, double-check the provided settings, and test again.