Why Use Authentication?

Authentication is a way to verify that only permitted calls to an API are allowed.

Video: https://www.youtube.com/embed/tUgmajEcVfI?si=35Vv3MFWtSeSV-rM?&rel=0&ytp-pause-overlay

How To Enable Authentication on an API Endpoint

  1. Open an API Endpoint Actionflow in PhixFlow from the Actionflow homepage
  2. On the toolbar, click Properties
  3. Disable (toggle off) Allow Anonymous Connection
    1. This will then only allow authenticated calls to the API
  4. Save the changes

How To Create Authentication Users

Create New User (Optional)

Create a dedicated API user with limited privileges if you want the API to show as being run by this user in the System Console. 

  1. In the Full Repository, expand the Users section
  2. Click the Add icon to create a new user who will be able to run the API
    1. Enabled: toggle on
    2. Save the user

Create New Role

  1. In the Repository, expand the application with the Incoming API
  2. Expand Roles and create a New Role by clicking the Add icon
    1. Pin the tab as we will need it to remain open
    2. Provide a useful Name, e.g. GenerateToken

Add Privileges to New Role 

  1. In the Privileges section, click the Privileges icon
  2. Search for the following privileges in the Full Repository:
    • Use API Key
    • Run Actions
  3. Drag each privilege across from the Full Repository into the Privileges section of the Role Properties
  4. Save the changes

Create and Assign API User Group to Role

  1. In the User Groups section, click the User Groups icon
    1. Add a new Group for your Role
      1. Give it a useful Name, e.g. API Users
      2. Add any users you require to be able to run the API.
        1. This could be a dedicated API user with limited privileges, such as the one created in the section, Create New User, above
        2. For more on creating users, see Managing User Accounts → Creating Users
      3. Click Save and close the tab
    2. Now drag the new user group into the User Groups section of the new role
    3. Save the changes
  2. The setup should look similar to: [screenshot not included]

Assign Application Access User Group to New User (Optional)

  1. If you created a new user, in the Full Repository, expand the Users section
  2. Double click on the new user
  3. In the User Groups section, click the User Groups icon to display the available User Groups in the Full Repository
  4. Search for the name of your application in the search box
    1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your user

How To Generate Authentication Tokens

  1. The Incoming API will run as a specified user; this means that when it is called, the audit trail will show the specified user as having performed the Incoming API Actionflow
  2. You do not need to log in as this user; however, if you were already logged in as this user, you will need to log out and log in again to pick up the user group change
  3. In the Repository, scroll down to the Full Repository section and expand it
  4. Expand the Users section
  5. Double click on the user who will run the Incoming API
  6. Click the 3-dot more menu in the top right of the user properties
  7. Click Generate API Key
  8. Copy the value displayed and store it somewhere safe

How To Send Authorisation

When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization.

  1. On the HTTP action, open the Properties
  2. In the Secret Key Details section, click the Add icon
    1. Give the secret key a name, e.g. MyAPIKey
    2. Toggle on Enabled
    3. Save the secret key
    4. Next to Secret, click the Add icon
    5. Paste in the API Key you copied above - see above section, How To Generate Authentication Tokens
    6. Finish the Local Secret and Secret Key
  3. In the Headers section on the HTTP action, click the Add icon
    1. Name: Authorization
    2. Expression: ${_datasource.MyAPIKey}
      1. Where MyAPIKey is the name of the Secret Key you set above

Worked Example

Here's a worked example using the Company Data (available from the Learning Centre).

In this example, we are using:  

  • A Company Call API screen containing a fixed drop down list of industries, a string field for the API Status and a multi-line string field for the Results - this screen was created using the Tile with Buttons template

Tip: If you are completing this chapter as part of the Actionflow course and using a training instance, the data and screens have already been pre-loaded into the Actionflow Advanced Application. For this example, we'll be working on the Company Call API screen.

Add Authentication to API Calling Actionflow

In this example, we'll add authentication to the Actionflow that calls an API. 

Prerequisites

For this example, we'll modify an API End Point Actionflow containing company data to only allow authenticated calls and we'll add secret key details to an Actionflow that calls the API.

The two Actionflows that will be modified were created in 3.11 Setting up an API Endpoint. If you have not completed this chapter, expand the section below and follow the steps to create the Actionflows.

Create API End Point Actionflow and Call API Actionflow: see 3.11 Setting up an API Endpoint.

Enable Authentication on API End Point Actionflow

  1. Open the API Endpoint Actionflow, API Company Data
  2. On the toolbar, click Properties
  3. In the API section, disable (toggle off) Allow Anonymous Connection
    1. This will then only allow authenticated calls to the API
  4. Save the changes

Create Authentication User

  1. In the Full Repository, expand the Users section
  2. Click the Add icon to create a new user who will be able to run the API
    1. Login: apiagent
    2. First Name: API
    3. Surname: Agent
    4. Password: Phixflow123!
    5. Enabled: toggle on
    6. Save the user

Create Role

We need to create a role then assign the privilege and user group(s) to it.

  1. In the Repository for the application (not the full repository), expand the application you're working in
  2. Expand Roles and create a New Role by clicking the Add icon
    1. Pin the tab as we will need it to remain open
    2. Name: GenerateAPIToken

Add Privileges to Role

  1. On the Role, in the Privileges section, click the Privileges icon
    1. Search for the following privileges and drag them across from the Full Repository into the Privileges section of the Role Properties:
      • Run Actions
      • Use API Key
    2. Save the changes

Create and Assign User Group to Role

  1. On the Role, in the User Groups section, click the User Groups icon
    1. Create a new User Group by clicking the Add icon
      1. Name: APIUsers
      2. Save the new user group
      3. On the User Group, in the Users section, click the Users icon and drag across your API Agent user into the Users section
      4. Save the changes
  2. Click back onto the GenerateAPIToken Role tab
  3. Drag the APIUsers user group into the User Groups section of the GenerateAPIToken Role
    1. Save the changes

Assign Application Access User Group to User

  1. In the Full Repository, expand the Users section
  2. Double click on the API Agent user
  3. In the User Groups section, click the User Groups icon to display the available User Groups in the Full Repository
  4. Search for the name of your application in the search box
    1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your API Agent user

Generate Authentication Token

  1. On the API Agent user, hover over the 3-dot more menu in the top right corner
  2. Click Generate API Key
  3. Copy the value displayed and store it somewhere safe

Send Authorization

  1. On the screen, Company Call API, open the Actionflow on the Call API button
  2. Click on the HTTP Action, Call API, to open its Properties
  3. In the Secret Key Details section, click the Add icon
    1. Name: APIKey
    2. Enabled: toggle on
    3. Save the changes
    4. Secret: click the Add icon
      1. In the Secret field, paste the API Key you copied above
      2. Save the changes
  4. In the Headers section, click the Add icon
    1. Name: Authorization
    2. Expression: ${_datasource.APIKey}
  5. Save the changes

3.13 Advanced Actionflows - Training Exercise

Testing

  1. On the Actionflow calling the API, click Run Action and run the Actionflow
  2. Access the System Console to check if the API displays as being run by your specific API User
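
A check run from outside PhixFlow, added here as an example (it is not PhixFlow's own code): it calls the endpoint once without and once with the key and reports whether anonymous calls are still accepted. The endpoint URL, the GET method and the environment variable names PHIXFLOW_API_URL and PHIXFLOW_API_KEY are assumptions; the raw key is sent as the whole Authorization value, matching the header expression configured above.

```python
import os
import urllib.error
import urllib.request


def build_request(url, api_key=None):
    """Build the call; the raw key is the entire Authorization value."""
    req = urllib.request.Request(url, method="GET")  # GET is an assumption
    if api_key is not None:
        # The header expression on this page is the secret itself,
        # so no "Bearer " or other scheme prefix is added.
        req.add_header("Authorization", api_key)
    return req


def status_of(req, opener=urllib.request.urlopen):
    """Return the HTTP status code, including for 4xx/5xx responses."""
    try:
        with opener(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_endpoint(url, api_key, opener=urllib.request.urlopen):
    """Call once without and once with the key; return a list of problems."""
    anon = status_of(build_request(url), opener)
    authed = status_of(build_request(url, api_key), opener)
    problems = []
    if 200 <= anon < 300:
        problems.append(f"anonymous call accepted ({anon}): "
                        "is Allow Anonymous Connection still enabled?")
    if not 200 <= authed < 300:
        problems.append(f"authenticated call rejected ({authed}): "
                        "check the key, the role and the user group")
    return problems


if __name__ == "__main__":
    # Assumed variable names; reading the key from the environment keeps
    # it out of the script and out of version control.
    found = check_endpoint(os.environ["PHIXFLOW_API_URL"],
                           os.environ["PHIXFLOW_API_KEY"])
    for problem in found:
        print("FAIL:", problem)
    raise SystemExit(1 if found else 0)
```

The script only distinguishes 2xx from everything else, because the page does not state which status code a rejected call returns.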
