Insert excerpt

	_Banners
	_Banners
name	actionflow
nopanel	true

Adding Authentication to API Calls

Enable Authentication

Open the API End Point

On the toolbar

Why Use Authentication?

Authentication is a way to verify that only permitted calls to an API are allowed.

Iframe

allowfullscreen	true
src	https://www.youtube.com/embed/tUgmajEcVfI?si=35Vv3MFWtSeSV-rM?&rel=0&ytp-pause-overlay
width	680
align	middle
height	400

How To Enable Authentication on an API Endpoint

Open a
Insert excerpt
_actionflow_api_endpoint
_actionflow_api_endpoint
name text
nopanel true
in PhixFlow from the
Insert excerpt
_actionflow
_actionflow
nopanel true
homepage
On the toolbar, click
Insert excerpt
_property_settings
_property_settings
nopanel true
Disable
Insert excerpt
_toggle_off
_toggle_off
nopanel true
Allow Anonymous Connection
1. This will then only allow authenticated calls to the API
Insert excerpt
_save
_save
nopanel true
the changes

How To Create

an

Authentication Users

Create New User (Optional)

Create a dedicated API user with limited privileges if you want the API to show as being run by this user in the System Console.

In the
Insert excerpt
_repository
_repository
name full
nopanel true
, expand the
Insert excerpt
_user
_user
nopanel true
section
Click
Insert excerpt
_add_icon
_add_icon
nopanel true
to create a new user who will be able to run the API
1. Enabled:
  Insert excerpt
  _toggle_on
  _toggle_on
  nopanel true
2. Insert excerpt
  _save
  _save
  nopanel true
  the user

Create New Role

In the
Insert excerpt
_repository
_repository
nopanel true
, expand the application with the Incoming API
Expand
Insert excerpt
_roles
_roles
nopanel true
and create an New Role by clicking
Insert excerpt
_addIcon
_addIcon
nopanel true
1. Pin the tab as we will need it to remain open
2. Provide a useful Name, e.g. GenerateToken

Add Privileges to New Role

In the Privileges section, click
Insert excerpt
_privilege
_privilege
nopanel true
Search for and drag across the privilege following privileges in the Full Repository Repository:
- Use API Key
- Run Actions
Drag the Use API Key into the each privilege across from the Full Repository into the Privileges section of the Role
Insert excerpt
_property_settings
_property_settings
nopanel true
Image Removed
Insert excerpt
_save
_save
nopanel true
the changes

Create and Assign API User Group to Role

In the
Insert excerpt
_user_group
_user_group
nopanel true
section, click
Insert excerpt
_user_group
_user_group
nopanel true
1. Add a new Group for your Role
  1. Give it a useful Name e.g. API Users
  2. Add any users you require to be able to run the API.
    1. This could be a dedicated API user with limited privileges
    2. To create a user , such as the one created in the section, Create New User, above
      1. For more on creating users, see Managing User Accounts
      → Creating Users
  3. Click
    Insert excerpt
    _save
    _save
    nopanel true
    and close the tab
2. Now drag the new user group into the
  Insert excerpt
  _user_group
  _user_group
  nopanel true
  section of the new role
3. Insert excerpt
  _save
  _save
  nopanel true
  the changes
The setup should look similar to:
1. Image Removed

Authentication Token KeyStore

A signing key is used to generate the PhixFlow API key and this is stored on the server to ensure secure access.

Using the page Configure a Keystore and Aliases, configure phixflow-api-key to be used as the signing key for PhixFlow API Keys in the same way as the pepperKey is configured. This secret string must be a minimum of 32 bytes length.

Generate Authentication Token

1. Image Added

Assign Application Access User Group to New User (Optional)

If you created a new user, in the
Insert excerpt
_repository
_repository
name full
nopanel true
, expand the
Insert excerpt
_user
_user
nopanel true
section
Double click on the new user
In the User Groups section, click the
Insert excerpt
_user_group
_user_group
name icon
nopanel true
icon to display the available User Groups in the Full Repository
Search for the name of your application in the search box
1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your user

How To Generate Authentication Tokens

The Incoming API will run as a specified user, this means that when it is called the audit trail will show the specified user as having performed the Incoming API Actionflow
You do not need to login as this user, however, if you were already logged in as this user, you will need to logout and login again to pick up the user group change
In the
Insert excerpt
_repository
_repository
nopanel true
, scroll down to the Full Repository section and expand it
Expand the
Insert excerpt
_user
_user
nopanel true
section
Double click on the user who will run the Incoming API
Click the 3-dot more menu in the top right of the user properties
Click Generate API Key
Copy the value displayed and store it somewhere safe

How To Send

Authorization

Authorisation

When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization.

On the
Insert excerpt
_http
_http
nopanel true
action, open the
Insert excerpt
_property_settings
_property_settings
nopanel true
In the Secret Key Details section, click
Insert excerpt
_add_icon
_add_icon
nopanel true
1. Give the secret key a name, e.g. MyAPIKey
2. Toggle on Enabled
3. Insert excerpt
  _save
  _save
  nopanel true
  the secret key
4. Next to Secret, click
  Insert excerpt
  _add_icon
  _add_icon
  nopanel true
5. Paste in the API Key you copied above - see above section, How To Generate Authentication Tokens
6. Insert excerpt
  _finish
  _finish
  nopanel true
  the Local Secret and Secret Key
In the Headers section , click on the
Insert excerpt
_http
_http
nopanel true
action, click
Insert excerpt
_add_icon
_add_icon
nopanel true
1. Name: Authorization
2. Expression: ${_datasource.APIKeyMyAPIKey}
  1. Where MyAPIKey is the name of the Secret Key you set above

Worked Example

Here's a worked example using the Company Data (available from the Learning Centre).

In this example, we are using:

A Company Call API screen containing a fixed drop down list of industries, a string fields for the API Status and a multi-line string field for the Results - this screen was created using the Tile with Buttons template

Tip
If you are completing this chapter as part of the Actionflow course and using a training instance, the data and screens have already been pre-loaded into the Actionflow Advanced Application. For this example, we'll be working on the Company Call API screen.

Add Authentication to API Calling Actionflow

In this example, we'll add authentication to the Actionflow that calls an API.

Prerequisites

For this example, we'll modify an API End Point Actionflow containing company data to only allow authenticated calls and we'll add secret key details to an Actionflow that calls the API.

The two Actionflows that will be modified were created in 3.01 Setting up an API End Point.Endpoint If you have not completed this chapter, expand the section below and follow the steps to create the Actionflows.

Expand

title	Create API End Point Actionflow and Call API Actionflow

Insert excerpt

	3.01 Setting up an API End PointEndpoint3.01
	Setting up an API End PointEndpoint
name	example
nopanel	true

Enable Authentication on API End Point Actionflow

Open the API Company Data API End Point
Insert excerpt
_actionflow_api_endpoint
_actionflow_api_endpoint
nopanel true
API Company Data
On the toolbar click
Insert excerpt
_property_settings
_property_settings
nopanel true
In the API section, disable
Insert excerpt
_toggle_off
_toggle_off
nopanel true
Allow Anonymous Connection
1. This will then only allow authenticated calls to the API
Insert excerpt
_save
_save
nopanel true
the changes

Create Authentication User

In the
Insert excerpt
_repository
_repository
name full
nopanel true
, expand the
Insert excerpt
_user
_user
nopanel true
section
Click
Insert excerpt
_add_icon
_add_icon
nopanel true
to create a new user who will be able to run the API
1. Login: apiagent
2. First Name: API
3. Surname: Agent
4. Password: Phixflow123!
5. Enabled:
  Insert excerpt
  _toggle_on
  _toggle_on
  nopanel true
6. Insert excerpt
  _save
  _save
  nopanel true
  the user

Create Role

We need to create a role then assign the privilege and user group(s) to it.

In the
Insert excerpt
_repository
_repository
nopanel true
for the application (not the full repository), expand the application you're working in
Expand
Insert excerpt
_roles
_roles
nopanel true
and create an New Role by clicking
Insert excerpt
_addIcon
_addIcon
nopanel true
1. Pin the tab as we will need it to remain open
2. Name: GenerateAPITokenIn

Add Privileges to Role

On the Role, in the Privileges section, click
Insert excerpt
_privilege
_privilege
nopanel true
1. Search for the privilege, Use API Key and drag it into the across the following privileges from the Full Repository into the Privileges section of the Role
  Insert excerpt
  _property_settings
  _property_settings
  nopanel true
2. Image Removed
3. Search for the privilege, Run Actions and drag it into the Privileges section of the Role Insert excerpt_property_settings_property_settingsnopaneltrue:
  - Run Actions
  - Use API Key
4. Image Added
5. Insert excerpt
  _save
  _save
  nopanel true
  the changes
In

Create and Assign User Group to Role

On the Role, in the
Insert excerpt
_user_group
_user_group
nopanel true
section, click
Insert excerpt
_user_group
_user_group
nopanel true
1. Create a new User Group by clicking the Insert excerpt _add_icon _add_icon nopanel true
  1. Name: APIUsers
  2. Insert excerpt
    _save
    _save
    nopanel true
    the new user group
  3. On the User Group, in the Users section, click
    Insert excerpt
    _user
    _user
    name icon
    nopanel true
    icon and drag across your API Agent user into the Users section
  4. Click
    Insert excerpt
    _save
    _save
    nopanel true
    the changes
Click back onto the GenerateAPIToken Role tab
Drag the APIUsers user group into the
Insert excerpt
_user_group
_user_group
nopanel true
section of the GenerateAPIToken Role
1. Insert excerpt
  _save
  _save
  nopanel true
  the changes

Section

Column
Image RemovedImage Added

Column
Image Removed

Generate Authentication Token

Image Added

Assign Application Access User Group to User

In the
Insert excerpt
_repository
_repository
name full
nopanel true
, expand the
Insert excerpt
_user
_user
nopanel true
section
Double click on the API Agent userHover
In the User Groups section, click the
Insert excerpt
_user_group
_user_group
name icon
nopanel true
icon to display the available User Groups in the Full Repository
Search for the name of your application in the search box
1. Two User Groups will display - drag across the one that doesn't contain _Admin into the User Group section of your API Agent user

Generate Authentication Token

On the API Agent user, hover over the 3-dot more menu in the top right corner
Click Generate API Key
Copy the value displayed and store it somewhere safe

Send Authorization

On the screen, Company Call API, open the Actionflow on the Call API button
Click on the HTTP Action, Call API, to open its
Insert excerpt
_property_settings
_property_settings
nopanel true
In the Secret Key Details section, click
Insert excerpt
_add_icon
_add_icon
nopanel true
1. Name: APIKey
2. Enabled:
  Insert excerpt
  _toggle_on
  _toggle_on
  nopanel true
3. Insert excerpt
  _save
  _save
  nopanel true
  the changes
4. Secret: click
  Insert excerpt
  _add_icon
  _add_icon
  nopanel true
  1. In the Secret field, paste the API Key you copied above
  2. Insert excerpt
    _save
    _save
    nopanel true
    the changes
In the Headers section, click
Insert excerpt
_add_icon
_add_icon
nopanel true
1. Name: Authorization
2. Expression: ${_datasource.APIKey}
Insert excerpt
_save
_save
nopanel true
the changes

3.03 Bulk Delete Action Configuration

Testing

On the Actionflow calling the API, click Run Action and run the Actionflow
Access the System Console to check if the API displays as being run by your specific API User

Image Added

Versions Compared

Old Version 9

New Version Current

Key

Adding Authentication to API Calls

Enable Authentication

Why Use Authentication?

How To Enable Authentication on an API Endpoint

How To Create