Why Use Authentication?
Authentication is a way to verify that only permitted calls to an API are allowed.
How To Enable Authentication on an API Endpoint
- Open an API endpoint Actionflow in PhixFlow from the Actionflow homepage
- On the toolbar, click Properties
- Disable Allow Anonymous Connection
  - This will then only allow authenticated calls to the API
- Save the changes
How To Create Authentication Users
- In the Repository, expand the application with the Incoming API
- Expand Roles and create a new Role by clicking Add
  - Pin the tab as we will need it to remain open
  - Provide a useful Name, e.g. GenerateToken
  - In the Privileges section, click Privileges
    - Search for the privilege in the Full Repository: Use API Key
    - Drag the Use API Key into the Privileges section of the Role Properties
  - Save the changes
  - In the User Groups section, click User Groups
    - Add a new Group for your Role
      - Give it a useful Name e.g. API Users
      - Add any users you require to be able to run the API. This could be a dedicated API user with limited privileges
        - To create a user see Managing User Accounts → Creating Users
      - Click Save and close the tab
    - Now drag the new user group into the User Groups section of the new role
  - Save the changes
- The setup should look similar to:
How To Generate Authentication Tokens
- The Incoming API will run as a specified user. This means that when it is called, the audit trail will show the specified user as having performed the Incoming API Actionflow
- You do not need to log in as this user. However, if you were already logged in as this user, you will need to log out and log in again to pick up the user group change
- In the Repository, scroll down to the Full Repository section and expand it
- Expand the Users section
- Double click on the user who will run the Incoming API
- Click the 3-dot more menu in the top right of the user properties
- Click Generate API Key
- Copy the value displayed and store it somewhere safe
How To Send Authorisation
When calling the API, the authorisation token must be passed in as a header called: Authorization.
- On the HTTP action, open the Properties
- In the Headers section, click Add
  - Name: Authorization
  - Expression: ${_datasource.APIKey}
Worked Example
Here's a worked example using the Company Data (available from the Learning Centre).
In this example, we are using:
- A Company Call API screen containing a fixed drop-down list of industries, a string field for the API Status and a multi-line string field for the Results. This screen was created using the Tile with Buttons template
Tip: If you are completing this chapter as part of the Actionflow course and using a training instance, the data and screens have already been pre-loaded into the Actionflow Advanced Application. For this example, we'll be working on the Company Call API screen.
Add Authentication to API Calling Actionflow
In this example, we'll add authentication to the Actionflow that calls an API.
Prerequisites
For this example, we'll modify an API End Point Actionflow containing company data to only allow authenticated calls and we'll add secret key details to an Actionflow that calls the API.
The two Actionflows that will be modified were created in 3.11 Setting up an API Endpoint. If you have not completed this chapter, expand the section below and follow the steps to create the Actionflows.
Enable Authentication on API End Point Actionflow
- Open the API Company Data API endpoint Actionflow
- On the toolbar click Properties
- In the API section, disable Allow Anonymous Connection
  - This will then only allow authenticated calls to the API
- Save the changes
Create Authentication User
- In the Full Repository, expand the Users section
- Click Add to create a new user who will be able to run the API
  - Login: apiagent
  - First Name: API
  - Surname: Agent
  - Password: Phixflow123!
  - Enabled: on
  - Save the user
Create Role
We need to create a role then assign the privilege and user group(s) to it.
- In the Repository for the application (not the full repository), expand the application you're working in
- Expand Roles and create a new Role by clicking Add
  - Pin the tab as we will need it to remain open
  - Name: GenerateAPIToken
  - In the Privileges section, click Privileges
    - Search for the privilege, Run Actions, and drag it into the Privileges section of the Role Properties
    - Search for the privilege, Use API Key, and drag it into the Privileges section of the Role Properties
  - Save the changes
  - In the User Groups section, click User Groups
    - Create a new User Group by clicking Add
      - Name: APIUsers
      - Save the new user group
      - On the User Group, in the Users section, click the Users icon and drag your API Agent user across into the Users section
      - Save the changes
  - Click back onto the GenerateAPIToken Role tab
  - Drag the APIUsers user group into the User Groups section of the GenerateAPIToken Role
  - Save the changes
Generate Authentication Token
- In the Full Repository, expand the Users section
- Double click on the API Agent user
- Hover over the 3-dot more menu in the top right corner
- Click Generate API Key
- Copy the value displayed and store it somewhere safe
Send Authorization
- On the screen, Company Call API, open the Actionflow on the Call API button
- Click on the HTTP Action, Call API, to open its Properties
- In the Secret Key Details section, click Add
  - Name: APIKey
  - Enabled: on
  - Save the changes
  - Secret: click Add
    - In the Secret field, paste the API Key you copied above
    - Save the changes
- In the Headers section, click Add
  - Name: Authorization
  - Expression: ${_datasource.APIKey}
- Save the changes
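Once the steps above are complete, it is worth confirming from outside PhixFlow that the endpoint rejects calls without a key and accepts calls that send the key in the Authorization header. The following check is an added example, not PhixFlow code. It assumes the endpoint answers GET requests and signals rejection with a non-2xx status; the local stub server and the keys are constructed so that the check runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.request

def call_status(url, api_key=None, timeout=5):
    """GET url, optionally sending the raw key in Authorization; return the HTTP status."""
    req = urllib.request.Request(url)
    if api_key is not None:
        req.add_header("Authorization", api_key)  # same header name as configured above
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit_endpoint(url, api_key):
    """Return a list of findings; an empty list means the endpoint behaves as configured."""
    ok = lambda status: 200 <= status < 300
    findings = []
    if ok(call_status(url)):
        findings.append("anonymous call accepted")
    if ok(call_status(url, "constructed-invalid-key")):
        findings.append("invalid key accepted")
    if not ok(call_status(url, api_key)):
        findings.append("valid key rejected")
    return findings

def start_stub(valid_key, allow_anonymous):
    """Constructed local stand-in for the endpoint (assumption: 401 on rejection)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            sent = self.headers.get("Authorization")
            allowed = sent == valid_key or (allow_anonymous and sent is None)
            self.send_response(200 if allowed else 401)
            self.end_headers()
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

if __name__ == "__main__":
    key = "constructed-demo-key"
    for anonymous in (True, False):
        server, url = start_stub(key, anonymous)
        print("allow_anonymous =", anonymous, "->", audit_endpoint(url, key) or "OK")
        server.shutdown()
```

Against a real endpoint, call `audit_endpoint` with the endpoint URL and read the key from a secret store or environment variable rather than writing it into the script.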