Flex Connector Authorization
  • 05 Jun 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Flex Connector Authorization

  • Dark
    Light
  • PDF

Article summary

This document describes the authorization configuration option of the Flex Connector. The majority of API services will require authorization details to extract data. Panoply's Flex Connector supports multiple different authorization options natively.

All authorization methods are still available by adding the relevant details directly in the headers and/or URL parameters and No Auth in the Authorization configuration.

Available authorization methods:

API Key

  • Key - Enter the key name required for the API key. For example, apikey.
  • Value - Enter the API key value.
  • Add to - Choose between adding the key and value to the headers or URL parameters.

Bearer Token

  • Token - Enter your Bearer Token. Panoply will automatically add Bearer to it.

Basic Auth

  • Username - Enter your API username.
  • Password - Enter your API password.

JWT Bearer

  • Algorithm - Select the algorithm to use for the JWT token.
  • Secret/Private Key - Enter the secret that’s used with the HMAC-SHA algorithm or the private key for signing the token for RS, ES, and PS algorithms.
  • Secret Base64 encoded - Select this option if the secret/private key is encoded in Base64 format.
  • Payload - Enter a JSON formatted payload data for your JWT token.
  • Additional headers - Enter a JSON formatted headers for your JWT token. You do not need to add the alg and type headers.
  • Use token prefix - Select this option if there is a need to add a prefix to the JWT token in the headers.
  • Token prefix - Enter the JWT token prefix to be added to the header. The default is Bearer.
  • URL parameter key - Enter the URL parameter key to use when adding the JWT token to the URL parameters.
  • Add to - Choose between adding the JWT token to the headers or URL parameters.

OAuth1

  • Signature Method - Select the signature method to use when authenticating API calls.
  • Realm - Enter the realm specified in the response header
  • Consumer Key - Enter the consumer key to be identified in the dedicated API service provider.
  • Consumer Secret - Available for HMAC and PLAINTEXT signatures only. Enter the consumer secret to establish ownership of the key above.
  • Private Key - Available for RSA signatures only. Enter the private key to generate the authentication signature.
  • Access Token - Enter the access token that represents the permissions to access the data.
  • Token Secret - Available for HMAC and PLAINTEXT signatures only. Enter the token secret to establish ownership of the access token above.
  • Add to - Choose between adding the access token to the headers or URL parameters.

OAuth2

Redirect URI configuration

When creating the API app, enter the following URL as the redirect URI:
https://platform.panoply.io/sources/callback.html

  • Authorization URL - Enter the URL to retrieve the authorization code from API provider authorization server.
  • Access Token URL - Enter the URL to exchange the authorization code for an access token.
  • Client Id - The dedicated API service client id used to generate authorization codes
  • Client Secret - The dedicated API service client secret used to generate authorization codes
  • Scope - Enter space delimited list of scopes based on the access required to extract your data.
  • Access Token header key - Enter the header key to use with the response’s access token. By default, Panoply will use Authorization.
  • Token prefix - Enter the required token prefix.
  • Add to - Choose between adding the access token to the headers or URL parameters.
Logging in

Once the configuration above is complete, you can click on the Login button to initiate the authentication process. At the end of the authentication process, Panoply will retreive the relevant access and refresh tokens that will be used in the different API calls.

Refresh Acess Token

In many API services, you will be required to refresh the access token. Panoply's Flex Connector supports automation of this refresh process.
First, you will need to enable the refresh of the access token and configure the specific configurations based on the required refresh process.

  • Use Refresh Token once - Check this box if the refresh of the access token will also generate a new refresh token
Warning

If the refresh process will refresh the refresh token and this has not been selected, the Flex Connector will not save the new refresh token and will fail in the successive collections

  • Refresh Token URL - Enter the refresh token URL
    • Headers - Enter the API call's headers in a JSON format. For example: {"type": "123..."}
    • Additional POST data - By default, the request body contains client_id, client_secret, refresh_token and grant_type values. Enter any additional or replacement POST data in a JSON format. For example: {"Client_id": "123..."}
    • Access Token response key - Enter the field path to the access token in the response.
    • Refresh Token response key - This configuration is available only when Use refresh token once is selected. Enter the field path to the refresh token in the response.
    • Error status codes - Enter a ; list of the error codes that will trigger the refresh of the access token. The Flex Connector will only attempt to refresh the access token when encountering these error codes

AWS Signature

  • Region - Choose the AWS region to send the API calls to.
  • Service Name - Enter the service name receiving the API calls. For example: s3
  • Access Key - Enter your AWS Access Key.
  • Secret Key - Enter your AWS Secret Key.
  • Add to - Choose between adding the AWS authorization to the headers or URL parameters.
  • Session token - Enter the session token when using temporary credentials

Was this article helpful?