
Adding Authentication to API Calls


Why Use Authentication?

Authentication verifies the caller so that only permitted calls to an API are allowed.

Video: https://www.youtube.com/embed/tUgmajEcVfI?si=35Vv3MFWtSeSV-rM?&rel=0&ytp-pause-overlay

How To Enable Authentication on an API Endpoint

1. Open an Incoming API/API End Point Actionflow in PhixFlow from the Actionflow homepage
2. On the toolbar, click Properties
3. In the API section, toggle off Allow Anonymous Connection
  1. This will then only allow authenticated calls to the API
4. Save the changes

How To Create Authentication Users

Create New User (Optional)

Create a dedicated API user with limited privileges if you want the API to show as being run by this user in the System Console.

1. In the Full Repository, expand the Users section
2. Click the Add icon to create a new user who will be able to run the API
  1. Enabled: on
  2. Save the user

Create New Role

1. In the Repository, expand the application with the Incoming API
2. Expand Roles and create a New Role by clicking the Add icon
  1. Pin the tab as we will need it to remain open
  2. Provide a useful Name, e.g. GenerateToken

Add Privileges to New Role

1. In the Privileges section, click the Privileges icon
2. Search for the following privileges in the Full Repository:
  • Use API Key
  • Run Actions
  • View Table Actions (PhixFlow version 11.2 or older only)
3. Drag each privilege across from the Full Repository into the Privileges section of the Role Properties
4. Save the changes

Create and Assign API User Group to Role

1. In the User Groups section, click the User Groups icon
  1. Add a new Group for your Role
    1. Give it a useful Name, e.g. API Users
    2. Add any users you require to be able to run the API.
      1. This could be a dedicated API user with limited privileges, such as the one created in the section, Create New User, above
      2. For more on creating users, see Managing User Accounts → Creating Users
    3. Click Save and close the tab
  2. Now drag the new user group into the User Groups section of the new role
  3. Save the changes
2. The setup should look similar to: [image]
  1. If working in PhixFlow version 11.2 or older, the role will have an additional privilege: View Table Actions

Assign Application Access User Group to New User (Optional)

1. If you created a new user, in the Full Repository, expand the Users section
2. Double click on the new user
3. In the User Groups section, click the User Groups icon to display the available User Groups in the Full Repository
4. Search for the name of your application in the search box
  1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your user

Authentication Token KeyStore

A signing key is used to generate the PhixFlow API key and this is stored on the server to ensure secure access.

Using the page Configure a Keystore and Aliases, configure phixflow-api-key to be used as the signing key for PhixFlow API Keys in the same way as the pepperKey is configured. This secret string must be a minimum of 32 bytes in length.

How To Generate Authentication Tokens

1. The Incoming API will run as a specified user; this means that when it is called, the audit trail will show the specified user as having performed the Incoming API Actionflow
2. You do not need to log in as this user; however, if you were already logged in as this user, you will need to log out and log in again to pick up the user group change
3. In the Repository, scroll down to the Full Repository section and expand it
4. Expand the Users section
5. Double click on the user who will run the Incoming API
6. Click the 3-dot more menu in the top right of the user properties
7. Click Generate API Key
8. Copy the value displayed and store it somewhere safe

How To Send Authorisation

When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization.

1. On the HTTP action, open the Properties
2. In the Secret Key Details section, click the Add icon
  1. Give the secret key a name, e.g. MyAPIKey
  2. Toggle on Enabled
  3. Save the secret key
  4. Next to Secret, click the Add icon
  5. Paste in the API Key you copied above - see above section, How To Generate Authentication Tokens
  6. Finish the Local Secret and Secret Key
3. In the Headers section on the HTTP action, click the Add icon
  1. Name: Authorization
  2. Expression: ${_datasource.MyAPIKey}
    1. Where MyAPIKey is the name of the Secret Key you set above
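
An added example (not from the PhixFlow documentation) of what the header configured above looks like on the wire: the key is the raw value of the Authorization header, with no scheme prefix, as the expression ${_datasource.MyAPIKey} implies. StubEndpoint, call_api, the sample key and the 401 response are assumptions for illustration; the stub is a local stand-in, not PhixFlow's implementation.

```python
import hmac
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample key; load a real one from a secret store, never from source.
SAMPLE_API_KEY = "constructed-sample-api-key-not-a-real-token"
# Ignore proxy environment variables so calls to the local stub stay local.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class StubEndpoint(BaseHTTPRequestHandler):
    """Local stand-in for an endpoint with Allow Anonymous Connection off."""

    def do_GET(self):
        presented = self.headers.get("Authorization", "")
        # Constant-time comparison avoids leaking key contents through timing.
        ok = hmac.compare_digest(presented.encode(), SAMPLE_API_KEY.encode())
        self.send_response(200 if ok else 401)  # 401 is the stub's own choice
        self.end_headers()
        self.wfile.write(b"ok" if ok else b"denied")


def call_api(url, api_key=None):
    """Return the HTTP status; the key is sent as the raw Authorization value."""
    request = urllib.request.Request(url)
    if api_key is not None:
        request.add_header("Authorization", api_key)
    try:
        with OPENER.open(request, timeout=5) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code


def demo():
    """Start the stub on a free local port and make three calls against it."""
    server = HTTPServer(("127.0.0.1", 0), StubEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    try:
        return call_api(url, SAMPLE_API_KEY), call_api(url), call_api(url, "wrong-key")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

An external caller of a real endpoint would use HTTPS so the Authorization header is not exposed in transit.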

Worked Example

Here's a worked example using the Company Data (available from the Learning Centre).

In this example, we are using:

• A Company Call API screen containing a fixed drop down list of industries, string fields for Status, StatusMessage, Industry, CompanyName, CompanyID and a multi-line string field for Results - this screen was created using the Tile with Buttons template

Tip: If you are completing this chapter as part of the Actionflow course and using a training instance, the data and screens have already been pre-loaded into the Actionflow Advanced Application. For this example, we'll be working on the Company Call API screen.

Add Authentication to API Calling Actionflow

In this example, we'll add authentication to the Actionflow that calls an API.

Prerequisites

For this example, we'll modify an API End Point Actionflow containing company data to only allow authenticated calls and we'll add secret key details to an Actionflow that calls the API.

The two Actionflows that will be modified were created in 3.01 11 Setting up an API End Point. If you have not completed this chapter, expand the section below and follow the steps to create the Actionflows.

Expandable section: Create API End Point Actionflow and Call API Actionflow (steps included from 3.01 11 Setting up an API End Point)

Enable Authentication on API End Point Actionflow

1. Open the API Company Data Actionflow
2. On the toolbar, click Properties
3. In the API section, toggle off Allow Anonymous Connection
  1. This will then only allow authenticated calls to the API
4. Save the changes

Create Authentication User

1. In the Full Repository, expand the Users section
2. Click the Add icon to create a new user who will be able to run the API
  1. Login: apiagent
  2. First Name: API
  3. Surname: Agent
  4. Password: Phixflow123!
  5. Enabled: on
  6. Save the user

Create Role

We need to create a role, then assign the privileges and user group(s) to it.

1. In the Repository for the application (not the full repository), expand the application you're working in
2. Expand Roles and create a New Role by clicking the Add icon
  1. Pin the tab as we will need it to remain open
  2. Name: GenerateAPIToken

Add Privileges to Role

1. On the Role, in the Privileges section, click the Privileges icon
  1. Drag across the following privileges from the Full Repository into the Privileges section of the Role Properties:
    • Run Actions
    • Use API Key
    • View Table Actions (only if working in PhixFlow version 11.2 or older)
  2. Save the changes

Create and Assign User Group to Role

1. On the Role, in the User Groups section, click the User Groups icon
  1. Create a new User Group by clicking the Add icon
    1. Name: APIUsers
    2. Save the new user group
    3. On the User Group, in the Users section, click the Users icon and drag across the User, your API Agent user, into the Users section
    4. Save the changes
2. Click back onto the GenerateAPIToken Role tab
3. Drag the APIUsers user group into the User Groups section of the GenerateAPIToken Role
  1. Save the changes

Assign Application Access User Group to User

1. In the Full Repository, expand the Users section
2. Double click on the API Agent user
3. In the User Groups section, click the User Groups icon to display the available User Groups in the Full Repository
4. Search for the name of your application in the search box
  1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your API Agent user

Generate Authentication Token

1. On the API Agent user, hover over the 3-dot more menu in the top right corner
2. Click Generate API Key
3. Copy the value displayed and store it somewhere safe

Send Authorization

1. On the screen, Company Call API, open the Actionflow on the Call API button
2. Click on the HTTP Action, Call API, to open its Properties
3. In the Secret Key Details section, click the Add icon
  1. Name: APIKey
  2. Enabled: on
  3. Save the changes
  4. Secret: click the Add icon
    1. In the Secret field, paste the API Key you copied above
    2. Save the changes
4. In the Headers section, click the Add icon
  1. Name: Authorization
  2. Expression: ${_datasource.APIKey}
5. Save the changes

Testing

1. On the Actionflow calling the API, click Run Action and run the Actionflow
2. Access the System Console to check if the API displays as being run by your specific API User