Why Use Authentication?
Authentication is a way to verify that only permitted calls to an API are allowed.
How To Enable Authentication on an API Endpoint
- Open a API Endpoint in PhixFlow from the Actionflow homepage
- On the toolbar, click Properties
- Disable Allow Anonymous Connection
- This will then only allow authenticated calls to the API
- Apply the changes
How To Create Authentication Users
- In the Repository, expand the application with the Incoming API
- Expand Roles and create an New Role by clicking
- Pin the tab as we will need it to remain open
- Provide a useful Name, e.g. GenerateToken
- In the Privileges section, click Privileges
- Search for the privilege in the Full Repository :
Use API Key
- Drag the Use API Key into the Privileges section of the Role Properties
- Apply the changes
- In the User Groups section, click User Groups
- Add a new Group for your Role
- Give it a useful Name e.g. API Users
- Add any users you require to be able to run the API. This could be a dedicated API user with limited privileges
- To create a user see Managing User Accounts → Creating Users
- Click Apply and close the tab
- Now drag the new user group into the User Groups section of the new role
- Apply the changes
- Add a new Group for your Role
- The setup should look similar to:
How To Generate Authentication Tokens
- The Incoming API will run as a specified user, this means that when it is called the audit trail will show the specified user as having performed the Incoming API Actionflow
- You do not need to login as this user, however, if you were already logged in as this user, you will need to logout and login again to pick up the user group change
- In the Repository, scroll down to the Full Repository section and expand it
- Expand the Users section
- Double click on the user who will run the Incoming API
- Click the 3-dot more menu in the top right of the user properties
- Click Generate API Key
- Copy the value displayed and store it somewhere safe
How To Send Authorisation
When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization.
- In the Headers section, click
- Name:
Authorization
- Expression:
${_datasource.APIKey}
- Name:
Worked Example
Here's a worked example using the Company Data (available from the Learning Centre).
In this example, we are using:
- A Company Call API screen containing a fixed drop down list of industries, a string fields for the API Status and a multi-line string field for the Results - this screen was created using the Tile with Buttons template
If you are completing this chapter as part of the Actionflow course and using a training instance, the data and screens have already been pre-loaded into the Actionflow Advanced Application. For this example, we'll be working on the Company Call API screen.
Add Authentication to API Calling Actionflow
In this example, we'll add authentication to the Actionflow that calls an API.
Prerequisites
For this example, we'll modify an API End Point Actionflow containing company data to only allow authenticated calls and we'll add secret key details to an Actionflow that calls the API.
The two Actionflows that will be modified were created in 3.11 Setting up an API Endpoint. If you have not completed this chapter, expand the section below and follow the steps to create the Actionflows.
Enable Authentication on API End Point Actionflow
- Open the API Company Data
- On the toolbar click Properties
- In the API section, disable Allow Anonymous Connection
- This will then only allow authenticated calls to the API
- Apply the changes
Create Authentication User
- In the Full Repository, expand the Users section
- Click to create a new user who will be able to run the API
- Login:
apiagent
- First Name:
API
- Surname:
Agent
- Password:
Phixflow123!
- Enabled:
- Apply the user
- Login:
Create Role
We need to create a role then assign the privilege and user group(s) to it.
- In the Repository for the application (not the full repository), expand the application you're working in
- Expand Roles and create an New Role by clicking
- Pin the tab as we will need it to remain open
- Name:
GenerateAPIToken
- In the Privileges section, click Privileges
- Search for the privilege, Run Actions and drag it into the Privileges section of the Role Properties
- Search for the privilege, Use API Key and drag it into the Privileges section of the Role Properties
- Apply the changes
- In the User Groups section, click User Groups
- Create a new User Group by clicking the
- Name:
APIUsers
- Apply the new user group
- On the User Group, in the Users section, click icon and drag across your API Agent user into the Users section
- Click Apply the changes
- Name:
- Create a new User Group by clicking the
- Click back onto the GenerateAPIToken Role tab
- Drag the APIUsers user group into the User Groups section of the GenerateAPIToken Role
- Apply the changes
Generate Authentication Token
- In the Full Repository, expand the Users section
- Double click on the API Agent user
- Hover over the 3-dot more menu in the top right corner
- Click Generate API Key
- Copy the value displayed and store it somewhere safe
Send Authorization
- On the screen, Company Call API, open the Actionflow on the Call API button
- Click on the HTTP Action, Call API, to open its Properties
- In the Secret Key Details section, click
- Name: APIKey
- Enabled:
- Apply the changes
- Secret: click
- In the Secret field, paste the API Key you copied above
- Apply the changes
- In the Headers section, click
- Name:
Authorization
- Expression:
${_datasource.APIKey}
- Name:
- Apply the changes