Extractor Builder - Authentication Methods
New data integration content available
You're currently viewing a data integration topic that has been replaced and will eventually be removed from our documentation.
For the latest data integration content, see: Data Integration.
This page describes the supported authentication methods in detail and supports you evaluate which method to choose for your desired connection. We recommend comparing the described authentication mechanisms and comparing them with the API documentation of your source system to evaluate which method fits your scenario.
Every method requires a different input for configuring
When configuring the authentication method itself → This configuration is identical for a given source system
When creating a new data connection → This configuration is specific to the specific instance of the source system to which you intend to connect.
Authentication Method | Description | Input (when configuring the authentication method) | Input (when creating a new data connection) | Example Request |
|---|---|---|---|---|
Basic Authentication | User inputs required in the data connection:
To authenticate with the source system, the username and password provided in the data connection is encoded with Base64. This encoded string will be prefixed with "Basic" and sent to every request's Authorization header. |
| Header: "Authorization: Basic bG9sOnNlY3VyZQ==" | |
Bearer Authentication | User inputs required in the data connection:
To authenticate with the source system, this token will be prefixed with "Bearer" and sent to every request's Authorization header. |
| Header: "Authorization: Bearer token" | |
API Key Authentication | User inputs required in the data connection:
To authenticate with the source system, this API Key will be sent in the "x-api-key" header of every request. |
|
| Header: "x-api-key: YOUR-API-TOKEN” |
OAuth2 (Authorization Code) | User inputs required in the data connection:
To authenticate with the source system, the client ID and client secret are passed to the authorization endpoint to request authorization to access the service resources in the browser (when saving the connection). If the user is authorized, an authorization grant is passed. Using this authorization grant an access token needs to be requested from the Get Token endpoint. The returned token is then used for all upcoming requests. The Grant Type authorization_code is being used. The client credentials can be sent as a Basic Auth header (default) or via the request body. |
|
| Header: "Authorization: Bearer token" For Access Token, we send a request to the Get Token Endpoint with content: “grant_type: <GRANT_TYPE>” “client_id: <CLIENT_ID>” “client_secret: <CLIENT_SECRET> → There is no test connection option, because you will get redirect to the UI of the source system for authentication. |
OAuth2 (Authorization Code + Refresh Token) | User inputs required in the data connection:
In order to authenticate with the source system, the client ID and client secret are passed to the authorization endpoint to request authorization to access the service resources in the browser (when saving the connection). If the user is authorized, an authorization grant is passed. Using this authorization grant, an access token needs to be requested from the Get Token endpoint. The returned token is then used for all upcoming requests. As the token in that connection scenario is limited to a certain period of time, a new one is automatically recreated after the old one expires using the refresh token. The Grant Types authorization_code and refresh_token are being used. The client credentials can be sent as a Basic Auth header (default) or via the request body. |
|
| Header: "Authorization: Bearer token" – To refresh the Access Token, we send a request to the Get Token Endpoint with content: “grant_type: refresh_token” “refresh_token: <REFRESH_TOKEN>“ And with Header (generated from client id and secret): "Authorization: Basic bG9sOnNlY3VyZQ==" → There is no test connection option, because you will get redirect to the UI of the source system for authentication. |
OAuth2 (Client Credentials) | User inputs required in the data connection:
To authenticate with the source system, the client ID and client secret are passed to the Get token endpoint to get an access token. The returned token is then used for all upcoming requests. The Grant Type client_credentials is being used. The client credentials are sent via the request body. |
|
| Header: "Authorization: Bearer token" – For Access Token, we send a request to the Get Token Endpoint with content: “grant_type: client_credentials” “client_id: <CLIENT_ID>” “client_secret: <CLIENT_SECRET> |
OAuth2 (Resource Owner) | User inputs required in the data connection:
The client ID, client secret, username, and password are passed to the Get token endpoint to get an access token to authenticate with the source system. The returned token is then used for all upcoming requests. The Grant Type password is being used. The client credentials are sent via the request body. |
|
| Header: "Authorization: Bearer token" – For Access Token, we send a request to the Get Token Endpoint with content: “grant_type: password” “username: <USERNAME>” “password: <PASSWORD>” “client_id: <CLIENT_ID>” “client_secret: <CLIENT_SECRET> Note: Client secret is used only if it is specified. |
OAuth2 (JWT Bearer with Private Key) | User inputs required in the data connection:
To authenticate with the source system, the Private Key, the Issuer, and Subject Label are sent to the Get token endpoint and validated based on the Audience. The returned token is then used for all upcoming requests. The respective Grant Type can be found in the API documentation of the system you want to connect to. The audience, Issuer, Subject Label, and Private Key provided in the data connection are encoded with Base64. |
|
| Header: "Authorization: Bearer token" – For Access Token, we send a request to the Get Token Endpoint with content: “grant_type: <GRANT_TYPE>” “client_assertion: <JWT_ASSERTION>” → the JWT_ASSERTION: is the assertion generated from the Private Key and the selected Signature Algorithm |
OAuth2 via Proxy | User inputs required in the data connection:
The client ID, client secret, username, and password are passed to the Get token endpoint to get an access token to authenticate with the source system. The returned token is then used for all upcoming requests. Client ID, client secret, username, and password provided in the data connection are encoded with Base64 into one string |
|
| Header: "Authorization: Bearer token" – For Access Token, we send a request to the Get Token Endpoint with headers: “content-type: <CONTENT_TYPE>” “Authorization: <AUTH_STR>” → the AUTH_STR has the value of Base64 encoded credentials. The encoded part is generated from Client ID, Client Secret, Username and Password. |