Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
We need to tell Patchworks what authentication methods can be used when someone chooses to add an instance of your connector, for use in process flows.
Any authentication methods added here will be available to users when they choose to add an instance of this connector - for example:
Patchworks supports the following authentication types:
Please see Adding a new authentication method for general steps required to add a new authentication method for a connector.
You'll find detailed information about options and settings in the Authentication method options section, and step-by-step examples for each type in the Supported authentication types section.
The connector builder supports a range of authentication types. Before a connector can be used (i.e. before instances of it can be added for use in process flows) you must add at least one authentication method for your connector.
The steps and settings required will vary depending on which authentication type you choose to configure, but the general process is straightforward.
Please refer to your API documentation for specific authentication requirements for your own third-party application.
General steps are provided below, with links to detailed guidance for each of our supported authentication types.
Step 1 Click the add new authentication method button:
Step 2 You're prompted to enter some basic details for this authentication method:
Complete these details using the table below as a guide:
Step 3 Click the create button to confirm your updates. Basic details are saved and additional setup options are displayed over a series of 'metro stop' tabs - for example:
Step 4 Step through each tab and set configuration options as appropriate for your chosen authentication method.
For any authentication method, the following configuration options are available:
Any key pairs added to the body tab are passed into the request body for authentication requests - for example:
By adding these as key pairs to the body, we pass any values provided for these fields in the authentication request body.
Please refer to the authentication section of your API documentation for specific guidance about what (if any) values need to be passed in the authentication body.
Body parameters are added as key pairs. To add a body parameter, follow the steps below:
Step 1: Click the add new required body parameter button.
Step 2: Complete key pair details as required and save changes - for example:
The connector variables tab displays any i that you defined in - for example:
If you want to use any of these variables in this authentication method, click the use button:
This copies the variable into the auth variables tab - for example:
If you choose to use a connector variable- i.e. to copy it to the auth variables tab - but later change your mind - you can remove it by clicking the associated trash icon on the auth variables tab - for example:
This clears the connector variable from the auth variables tab but the original 'shared' connector variable remains available for future use.
The auth variables tab is used to define authentication variables for any values that you need users to provide when they choose to of this connector, for use in :
You also define how any provided values are passed in authentication requests - i.e. are they included in the API request URL, the header, or the body?
These are variables that are always required to authenticate using this authentication method. You can't remove or change the behaviour of these variables, but you can change the display name if required.
To add an auth variable, follow the steps below:
When you choose to use a connector variable, you'll see that it gets added to the auth variables tab - for example:
Step 2 Back in the auth variables tab, you can now add any other variables for information that you need to provide when they add an instance of this connector with this authentication method. To do this, click the add variable button:
When you add an auth variable and choose to make it required, you are effectively saying: 'When a user adds an instance of this connector, do not allow them to proceed without providing a value for this variable'.
When you add an auth variable and choose to make it only configurable by users, you are effectively saying: 'When a user adds an instance of this connector, allow them to provide a value for this variable if they have one but if they don't, let them proceed'.
Step 4: Click the save button.
In the Patchworks connector builder, variables must be defined in double curly brackets.
URL parameters are used to apply queries/filters to the authentication request URL:
Any parameters added here are appended to the authentication URL as a query.
In reality, it's unlikely that URL parameters will be commonly used when defining authentication methods however, you can absolutely add them if needed.
URL parameters are added as 'key pairs' - so you specify a 'key' (a valid field name for this API) and then the required value.
A URL parameter value can be static - for example:
In this case, the value would be appended to the request endpoint as a URL query with the value exactly as it is defined - for example:
...and when a process flow runs for this connector, associated API requests are injected with this value wherever a {{warehouseID}} variable is found. So, if we've added this variable in a URL parameter, as below:
...the resulting API request would include a parameter for whatever Warehouse ID the user entered when the instance being used was created.
Please refer to the API documentation for your underlying third-party application to find parameters that can be passed in authentication requests.
URL parameters are added as key pairs. To add a URL parameter, follow the steps below:
Step 1: Click the add new parameter button:
Step 2: Complete key pair details as required:
Step 3 Click the save button.
| Field | Summary |
|---|---|
In this example, we need to pass a number of credentials for OAuth 2 authorisation into the body. Notice that the values in this example are defined as variables. We've already defined for these items, which means users will be prompted to enter these details when of this connector for use in . So, required body parameter values will use values that users have provided when the instance being used was created.
The add option page is the same for all types of parameters that you may encounter in the connector builder. For information about these options please see the page.
For guidance on configuring parameters for specific authentication types, please see our section.
Body parameters are standard key pairs - techniques for working with these parameters are the same as those for working with header parameters, URL parameters, etc. For more information about these techniques, please see the page.
From here, the variable is treated like any other - you will need to set options to determine if/how this variable is displayed to users, and how any values for it should be passed in API requests for authentication.
Here, you define what fields a user will be asked to complete when they choose to , select and authentication method, and provide credentials. For example:
Having , any required variables for that method are listed by default - for example:
The display name is the name that users will see for this variable field, when they are of this connector.
Default auth variables are pre-configured to be passed into API requests as needed. For example, has one default parameter, which is pre-configured on the tab. If your requirements are different, you can change how/where these variables are used.
Step 1 Start by selecting the connector variables tab to check if there are any for this connector that you want to include. Any variables defined for the instance as a whole are shown here - click the use button for any that you wish to include as an auth variable - for example:
Step 3 Complete details and set options on the :
The add variables page is the same for all types of variables that you may encounter in the connector builder (for information about these options please see the page). However, it's worth noting the effect of setting required and configurable by user options in the context of auth variables:
Step 5 Having added a variable, make sure that you go on to define how any values captured for it should be passed in API requests. Typically, any user-provided variable that you define here would then be added to the , , the , or the for the authentication method.
If you add auth variables which require user-provided values but don't go on to add them to the authentication method's , , or the result will be that users are prompted to provide these details (if you ), but no action will be taken with that information.
Default auth variables (i.e. those which are displayed as soon as you add a new authentication method) are pre-configured to be passed into API requests as commonly needed. For example, has one default parameter, which is pre-configured on the tab. You can change where these are passed if needed.
A URL parameter value can be dynamic, using that you've previously defined for the authentication method. In the example below, we have an auth variable named warehouseID:
So, when a user of this connector, they are asked to provide a value for this field - for example:
The add option page is the same for all types of parameters that you may encounter in the connector builder. For information about these options please see the page.
For guidance on configuring parameters for specific authentication types, please see our section.
URL parameters are standard key pairs - techniques for working with these parameters are the same as those for working with header parameters, body parameters, etc. For more information about these techniques, please see the page.
The API documentation for the underlying third-party application should provide guidance about what variables can/should be passed in authentication requests. The example below is from :
The API documentation for the underlying third-party application should provide guidance about where/how authentication variables need to be passed in requests. The example below is from :
Enter a name
Enter the name to be displayed for this connector throughout Patchworks.
Select authentication type
Use the dropdown list to select the required authentication type. The selection made here determines subsequent settings and default options.
Post-request scripts are useful for manipulating the response data before displaying or using it. You can extract specific values, format data, or even perform calculations. This helps in preparing the response data for further requests, or for displaying in a more user-friendly manner.
For example, we might have a connector which expects API requests to be authenticated with a {{token}} value received in response to an authentication request. However, suppose that the authentication request response includes the required token value AND a client_id value in the same detail field - somehow we need to ensure that only the token element is injected into a {{token}} variable, to be used for authenticating subsequent API requests.
To achieve this, we could create a custom script to extract the the token element from the detail field and then apply this to the post-request script tab for the required authentication method.
Let's use the example scenario above to break down how post-request scripts work:
A custom script should be created which extracts the token element of the detail field and applies this as the {{variable}} value.
This script is applied to the post-request script tab for the appropriate authentication method.
A user adds an instance using this authentication method, and enters their username and password.
The authentication request is sent and a successful response is returned, with client id and token values in the same detail field.
The post-request script defined for this authentication method runs, extracting the token element from the detail field and injecting it into the {{token}} variable for the authentication method.
Both pre and post request scripts have an expected format, where the input expects two different keys:
payload - most commonly used, and contains the payload for the script.
variables - contains all authorisation variables, together with a hidden {{token}} variable (which is created after the authentication request is sent).
Any script that you want to apply must first be created as a custom script.
Step 1 Select the post-request script tab for your authentication method:
Step 2 Click in the select a script field and choose the script that you want to use - for example:
Step 3 Choose the script version that you want to use:
Step 4 Now you can review the script code to be applied and save changes:
If you need to change the script code, this should be done in the custom scripts area, then the updated script must be deployed.
Pre-request scripts allow you to modify authentication request parameters before sending the actual request. You can set dynamic values, compute signatures, or add headers based on specific conditions.
For example, you may have a third-party application which only accepts user passwords which are base 64 encoded. Expecting your users to know how to encode their password when they need to add connector instance for this application isn't always realistic, so a pre-request script can take care of this automatically.
Let's use the example scenario above to break down how pre-request scripts work:
A custom script should be created which takes a given password and performs base 64 encoding.
This script is applied to the pre-request script tab for the appropriate authentication method.
A user chooses to add an instance using this authentication method, and enters their username and password. Typically, an authentication request would be sent at this point - but NOT if a pre-request script is associated with the authentication method.
The pre-request script defined for this authentication method runs - any required values from authentication variables provided by the user are taken to manipulate the authentication request body as needed.
The authentication request is sent to to the given endpoint, including the manipulated body content.
Once the script has run, the authentication request is made, including the encoded password.
Both pre and post request scripts have an expected format, where the input expects two different keys:
payload - most commonly used, and contains the payload for the script.
variables - contains all authorisation variables, together with a hidden {{token}} variable (which is created after the authentication request is sent).
Any script that you want to apply must first be created as a custom script.
Step 1 Select the pre-request script tab for your authentication method:
Step 2 Click in the select a script field and choose the script that you want to use - for example:
Step 3 Choose the script version that you want to use:
Step 4 Now you can review the script code to be applied and save changes:
If you need to change the script code, this should be done in the custom scripts area, then the updated script must be deployed.
This page walks through the steps required to configure basic authentication for a connector.
Here, we're using WooCommerce as an example. General principles will be the same for any system that supports this authentication method but please refer to your own API documentation for specific setup requirements.
For this task, we'll be using techniques described in previous connector variables and authentication method options sections - we advise getting familiar with these before attempting steps detailed here.
Ensure that you have API documentation to hand, for your third-party application.
Ensure that you have all required credentials for testing.
We recommend using Postman to test any authentication methods that you're adding for a connector.
Step 1 Check the API documentation for the third-party application that you're using - confirm that basic authentication is supported, and for any special requirements.
For our example, we can see that basic authentication is permitted and that we need to pass consumer_key as the username and consumer_secret as the password:
Step 2 Log in to the Patchworks dashboard and navigate to process flows > connectors & instances, where all of your installed connectors are shown. From here, access settings for the connector that you need to update with a new authentication method - for example:
If you're building a new connector, you can pick up these steps when you reach the authentication section of the connector builder.
Step 3 Access authentication details:
Step 4 Click the add new authentication method button:
Step 5 Complete basic details for this authentication method - ensure that you set the authentication type to basic and enter the required URL from your API documentation. Click the create button when you've finished, for more configuration options - for example:
Step 6 By default, the basic authentication type includes two required auth variables - username and password:
These are known variables that a user must provide to authenticate an instance of this connector using basic authentication. You can also add more auth variables if required.
If your API documentation requires users to provide an actual username and password to authenticate this connector, these can be left as they are. However, many APIs expect alternative information to be passed as these fields.
Taking our example, the WooCommerce API documentation states that a consumer key should be provided as the username and a consumer secret should be provided as the password:
As such, we need to rename the default username and password fields. To do this, click the field name and update the display name as appropriate - we do this for both username and password:
If required, you can add more auth variables here.
Some APIs are case sensitive when it comes to adding variables - be sure to enter key names exactly as they are specified in API documentation.
Step 7 With username and password fields renamed (or not) as required, we now need to define where any information that users provide for these fields should be injected into the API request. For basic authentication, these details are always passed in request headers.
To set this up, click the header tab, followed by the add new header button.
Step 8 You can now enter your authentication options as key pairs:
Here, the key is the name of the parameter that you're passing in as the username / password, as defined in the API documentation for your third-party application. Taking our example, we know that the consumer_key is required for username and consumer_secret is required for password:
So, our key pair for username would be defined as follows (injecting consumer_key information into the {{username}} variable:
And our key pair for password would be defined as follows (injecting consumer_secret information into the {{password}} variable:
Step 9 This completes our setup for basic authentication. Now, when someone chooses to add an instance for this connector, basic authentication will be an option that they can choose. If selected, the user will then be prompted to enter a username and password - or in the case of our example - a consumer key and a consumer secret:
When you configure a process flow connection shape to use a given instance, you can then choose from a list of available endpoints. For example:
This list will only include endpoints for which the same authentication method is enabled, as was used to add/authenticate the selected instance.
So, having added a new authentication method, you must enable it for any connector endpoints that you might want to use with instances that are added using this authentication method.
Any key pairs added to the header tab are passed into authentication request headers - for example:
In this example, we've already defined two auth variables for username and password, so users will be prompted to enter these details when adding an instance of this connector for use in process flows.
How we then pass this information into API requests is determined by the API documentation for the underlying third-party application. Often, these details are passed in request headers, but sometimes it will be via the request body.
By adding these as key pairs to the header, we pass any values provided for these fields in the authentication request headers.
You should refer to the authentication section of your your API documentation for specific guidance about what (if any) values need to be passed in authentication request headers. For example, in Shopify, it's noted that we need to send two values in the request header - Content-Type and Shopify-Access-Token:
When an authentication method is applied for an endpoint, any header/body parameters specified for the authentication method are also sent in the endpoint requests.
Header parameters are added as key pairs. To add a header parameter, follow the steps below:
Step 1: Click the add new header button:
Step 2: Complete key pair details as required and save changes:
The add option page is the same for all types of parameters that you may encounter in the connector builder. For information about these options please see the Working with parameters page.
For guidance on configuring parameters for specific authentication types, please see our Supported authentication types section.
Header parameters are standard key pairs - techniques for working with these parameters are the same as those for working with body parameters, URL parameters, etc. For more information about these techniques, please see the Working with parameters page.
Basic authentication is the simplest (though not the strongest) method for authenticating API requests.
With basic authentication, a username and password are sent in the HTTP header of each API request, to authenticate a client application (in this case, Patchworks) and grant access to the associated resource.
Be aware that username and password are just labels for two pieces of information that must be provided in the header to authenticate API requests with basic authentication.
Some third-party applications WILL look for a username and password but others may require something else - for example, application id and API key. This is fine - it’s still basic authentication - we just need to configure basic authentication variables to use different display labels.
Here's how basic authentication works:
The client-server (i.e. Patchworks) sends an API request to the required third-party application server (e.g. Shopify). The request includes username and password authentication credentials in the HTTP header of the request, encoded in Base64 format.
Upon receipt of the request, the third-party application server extracts authentication credentials from the header. It then validates these credentials by comparing them with the stored user credentials in its own system/database.
If the credentials provided are valid, the third-party application server grants access to the requested resource. If the credentials are invalid or missing, the third-party application server denies access and returns an appropriate error response.
If you'd like more detailed information about how token authentication works, there's some great background information on the Postman website.
When a Patchworks user adds an instance of a connector and chooses to authenticate with basic authentication, they will see something similar to the example below:
It can be useful to compare how existing connectors have been configured for token-based authentication. The Patchworks marketplace includes many connectors that are configured to use this authentication type - a few examples are linked below:
You can install any of these for comparison.
This page walks through the steps required to configure token authentication for a connector.
Here, we're using as an example. General principles will be the same for any system that supports this authentication method but please refer to your own API documentation for specific setup requirements.
For this task, we'll be using techniques described in previous and sections - we advise getting familiar with these before attempting the steps detailed here.
Ensure that you have API documentation to hand, for your third-party application (we're using as an example).
Ensure that you have all the required credentials for testing.
We recommend using to test any authentication methods that you're adding for a connector.
Step 1 Check the API documentation for the third-party application that you're using - confirm that token authentication is supported and for any special requirements. Looking at the authentication section in Shopify's API documentation, there are three key points to note:
Whilst OAuth is the authentication method used to generate tokens when Shopify custom apps are installed, we've retrieved our generated token from the Shopify admin portal and will use this to set up token-based authentication.
We must pass our token into request headers, via a parameter called X-Shopify-Access-Token .
All requests must include a store_name value.
If you're building a new connector, you can pick up these steps when you reach the authentication section of the connector builder.
Step 3 Access authentication details:
Step 4 Click the add new authentication method button:
Step 5 Complete basic details for this authentication method - ensure that you set the authentication type to token-based and enter the required URL from your API documentation. Click the create button when you've finished, for more configuration options - for example:
Some APIs are case-sensitive when it comes to adding variables - be sure to enter key names exactly as they are specified in API documentation.
Step 7 Now we need to define where information that users provide for these fields should be injected into the authentication requests.
You can edit this option as needed - or remove it from the header altogether if your API documentation requires an alternative approach for passing in tokens.
At the very start of this exercise, we noted that our Shopify token must be passed into request headers via a parameter called X-Shopify-Access-Token . So, we can edit the default authorisation option to reflect this:
Don't forget to save any changes that you make.
To do this:
Click the connector variables tab.
Click the use button associated with the variable we want to use for our new authentication method.
That variable is added to token-based authentication as an auth variable.
Step 9 This completes our setup for token-based authentication. Now, when a user adds an instance of this connector and chooses to use this authentication method, they are prompted to provide all required/configurable authentication variables (in our example, store name and token).
This list will only include endpoints for which the same authentication method is enabled, as was used to add/authenticate the selected instance.
OAuth 2 is a protocol which allows users to grant limited access to their resources/data in an application or service (e.g. NetSuite), to another application or service (in this case, Patchworks) without ever sharing their login credentials.
The authentication flow and associated configuration for OAuth 2 vary according to which grant type is used. Patchworks supports the following OAuth 2 grant types:
OAuth 2 provides a more streamlined, standardised approach than - it’s easier to implement and more suitable for a wide range of applications.
This page walks through the steps required to configure OAuth 2 authentication (authorisation code flow) for a connector.
Here, we're using as an example. General principles will be the same for any system that supports this authentication method but please refer to your own API documentation for specific setup requirements.
For this task, we'll be using techniques described in previous and sections - we advise getting familiar with these before attempting steps detailed here.
Ensure that you have API documentation to hand, for your third-party application (we're using as an example).
Check the documentation for your third-party application and ensure that any in-app setup required for OAuth 2 has been completed. For example, includes a section on tasks that administrators must complete to support OAuth 2 for integrations.
Ensure that you have all required OAuth 2 credentials for testing.
We recommend using to test any authentication methods that you're adding for a connector.
When specifying redirect URIs for OAuth 2, the following values can be used:
| Environment | URI |
|---|
Step 1 Check the API documentation for the third-party application that you're using - confirm that OAuth 2 authentication (authorisation code flow) is supported, and for any special requirements.
If you're building a new connector, you can pick up these steps when you reach the authentication section of the connector builder.
Step 3 Access authentication details:
Step 4 Click the add new authentication method button:
Step 5 Complete basic details for this authentication method - ensure that you set the authentication type to OAuth 2 authorisation code and enter the required URL(s) from your API documentation.
For OAuth 2 (authorisation code) authentication, two URLs are required. The first (URL) is the authentication endpoint and the second (Additional URL 1) is the authorise endpoint. Please refer to your API documentation for these values.
Click the create button when you've finished, for more configuration options - for example:
Some APIs are case sensitive when it comes to adding variables - be sure to enter key names exactly as they are specified in API documentation.
To do this:
Click the connector variables tab.
Click the use button associated with the variable we want to use for our new authentication method.
That variable is added to this authentication method as an auth variable.
Step 8 Next, we need to confirm/change where any information that users provide for auth variables should be injected into authentication requests.
Default auth variables are pre-configured to be passed into API requests, as most commonly needed. For example, if we check the URL parameters tab now, we'll see that some of our user-provided auth variables have been added automatically:
And if we check the body tab now, we'll see that remaining user-provided auth variables have been added automatically:
Check the API documentation for your third-party application and ensure that all required auth variables have been added, and are being passed in the right place. Don't forget to save any changes that you make.
This list will only include endpoints for which the same authentication method is enabled, as was used to add/authenticate the selected instance.
Step 2 Log in to the and navigate to process flows > connectors & instances, where all your installed connectors are shown. From here, access settings for the connector that you need to update with a new authentication method - for example:
Step 6 By default, the token-based authentication type includes one required - token:
These are known variables that a user must provide to using this authentication method. Mandatory variables are locked however, you can if required.
If required, you can add more here.
Commonly, tokens are passed into request - as such, a default authorisation option is ready to use:
We leave the value set to {{token}}, so when a user of this connector using token-based authentication and provides a valid token, the value they provide will be injected into this variable and passed in the request header:
Step 8
Remember that at the very start of this exercise, we noted that a store_name value must be passed in the URL for all Shopify API requests. To achieve this, we need to ask users to provide a store_name value when they of this connector using token-based authentication (in addition to the token value we defined earlier).
We already have a store_name defined, so we can choose to 'use' it as an for token-based authentication:
Every API will have its own requirements for variables that are required in addition to a {{token}}. In our example, we already had a store_name variable ready to use but you can add new and/or variables as needed.
When configuring a to use a given instance, you can choose from a list of available . For example:
So, having added a new authentication method, you must .
Step 2 Log in to the and navigate to process flows > connectors & instances, where all of your installed connectors are shown. From here, access settings for the connector that you need to update with a new authentication method - for example:
Step 6 By default, the OAuth 2 authorisation code type includes a range of default :
These are known variables that a user must provide to using this authentication method.
Mandatory variables are locked however, you can if required. You can also add more here if needed.
Step 7 Now we'll check to see if there are any shared that need to be used as auth variables.
In our example, we need to use the accountid connector variable for authentication, because this is a user-provided value that forms part of our authentication request URL path (defined in step 5). So, we can simply choose to use the accountid connector variable as an for this authentication method:
Every API will have its own requirements for variables that are required for authentication with a given method. Remember that you can add new and/or variables as needed.
Step 9 This completes our setup for OAuth 2 authorisation code authentication. Now, when a user of this connector and chooses to use this authentication method, they are prompted to provide all required/configurable authentication variables. Upon confirmation, they will be directed to your third-party authorisation server and asked to authorise access - then redirected back to Patchworks.
When you configure a to use a given instance, you can then choose from a list of available . For example:
So, having added a new authentication method, you must .
This is a placeholder page - please check back later!
Staging |
Production |
The OAuth 2 client credentials flow allows client applications (i.e. Patchworks) to authenticate and obtain access to resources, without involving specific user intervention.
The exact mechanism used for client credentials authentication depends on the implementation of the authorisation server for the system in question, but a common mechanism is client secret.
This is where a client application (in this case, Patchworks) authenticates itself by sending its unique client identifier and client secret to the authorisation server, and receives a token in response.
If you'd like more detailed information about how OAuth 2 client credentials authentication works, there's some great background information on the Postman website.
It can be useful to compare how existing connectors have been configured for OAuth 2 (client credentials) authentication. The Patchworks marketplace includes many connectors that are configured to use this authentication type - a few examples are linked below:
You can install any of these for comparison.
Token-based authentication allows users to verify their identity with a third-party server using a token. This is a more secure approach than basic authentication because username and password credentials are never passed in API requests.
Token-based authentication works by authenticating with a token that you already have available - perhaps it was given to you by a third-party application provider, or you have generated a token from the API - it doesn't matter how you obtain the token.
If you'd like more detailed information about how Token authentication works, there's some great background information on the Postman website.
When a Patchworks user adds an instance of a connector and chooses to authenticate with token-based authentication, they will see something similar to the example below:
It can be useful to compare how existing connectors have been configured for token-based authentication. The Patchworks marketplace includes many connectors that are configured to use this authentication type - a few examples are linked below:
You can install any of these for comparison.
The OAuth 2 authorisation code flow requires a user (in this case, a Patchworks user, adding a connector instance for use in process flows) to log into an authorisation server and grant permission for Patchworks to access the required data.
When a Patchworks user adds an instance of a connector and chooses to authenticate with OAuth 2 (authorisation code) they are directed to the authorisation server for a third-party service, where they log in and 'allow' requested access. A sample user journey for NetSuite is shown below:
Here, we:
Add an instance and confirm credentials.
Are redirected to NetSuite, where we log in.
Are presented with information about what access is being requested, and choose to proceed.
Return to the Patchworks connector page, where our new NetSuite instance is added and ready to use in process flows.
If you'd like more detailed information about how OAuth 2 authorisation code authentication works, there's some great background information on the Postman website.
When setting up OAuth 2 (authorisation code) authentication, two URLs are required. The first (URL) is the authentication endpoint and the second (Additional URL 1) is the authorise endpoint.
The following example is for a NetSuite implementation - please check your API documentation for your own required values:
When specifying redirect URIs for OAuth 2, the following values can be used:
It can be useful to compare how existing connectors have been configured for OAuth 2 (authorisation code) authentication. The Patchworks marketplace includes many connectors that are configured to use this authentication type - a few examples are linked below:
You can install any of these for comparison.
Typically, users need to provide valid authentication credentials for any instance of a connector that they add - when the instance is created, Patchworks checks that the credentials are valid and if they are, the instance is created.
However, there may be times where you wish to allow users to add an instance without providing any authentication credentials - perhaps you're connecting to a public-facing system, or to a Postman mock server (for example).
When a Patchworks user adds an instance of a connector and chooses to authenticate with a configured no auth authentication method, they are not prompted to enter any credentials. Instead, they go directly to finalising the instance - for example:
This page walks through the steps required to configure no auth authentication for a connector.
Step 1 Log in to the Patchworks dashboard and navigate to process flows > connectors & instances, where all of your installed connectors are shown. From here, access settings for the connector that you need to update with a new authentication method - for example:
If you're building a new connector, you can pick up these steps when you reach the authentication section of the connector builder.
Step 2 Access authentication details:
Step 3 Click the add new authentication method button:
Step 4 Complete basic details for this authentication method - ensure that you set the authentication type to no auth (public) - for example:
Step 5 You don't need to add any settings under authentication setup - although if you want users to provide variable values when they add instances for this connector, or pass in header/body content, etc. then you can update these tabs:
Step 6 Save changes.
This page is in development.
OAuth 1.0 involves the use of cryptographic signatures for message integrity and verification. It requires the consumer (in this case, Patchworks) to sign API requests using a consumer secret, which is provided by the service provider. The service provider verifies these signatures to ensure the integrity of the requests.
Patchworks supports the following signature methods:
HMAC-SHA256
OAuth 1.0 has been largely superseded by .
Here's how OAuth 1 authentication works:
It can be useful to compare how existing connectors have been configured for OAuth 1 authentication.
This page walks through the steps required to configure OAuth 2 authentication (client credentials flow) for a connector.
Here, we're using as an example. General principles will be the same for any system that supports this authentication method but please refer to your own API documentation for specific setup requirements.
For this task, we'll be using techniques described in previous and sections - we advise getting familiar with these before attempting steps detailed here.
Ensure that you have API documentation to hand, for your third-party application (we're using for this example).
Check the documentation for your third-party application and ensure that any in-app setup required for OAuth 2 has been completed.
Ensure that you have all required OAuth 2 credentials for testing.
We recommend using to test any authentication methods that you're adding for a connector.
Step 1 Check the API documentation for the third-party application that you're using - confirm that OAuth 2 authentication (client credentials code flow) is supported, and for any special requirements.
Step 2 Log in to the and navigate to process flows > connectors & instances, where all of your installed connectors are shown. From here, access settings for the connector that you need to update with a new authentication method - for example:
If you're building a new connector, you can pick up these steps when you reach the authentication section of the connector builder.
Step 3 Access authentication details:
Step 4 Click the add new authentication method button:
Step 5 Complete basic details for this authentication method - ensure that you set the authentication type to OAuth 2 client credentials and click the create button.
The following parameters are required for the OAuth 2 client credentials flow, and are configured to be displayed to users when they attempt to add an instance for this connector:
Step 7 Check your API documentation for any additional parameters that are required for authentication - do you need users to provide any additional information to authenticate instances of this this connector?
Some APIs are case sensitive when it comes to adding variables - be sure to enter key names exactly as they are specified in API documentation.
Also check your API documentation for any query parameters required for this URL and add them as needed.
Depending on the authentication method, you may find that some default authentication and/or other variables have been added as URLparameters, automatically. For OAuth 2 (client credentials) there are no default URL parameters.
For OAuth 2 (client credentials), a content-type parameter is added by default, with a value of application/x-www-form-urlencoded. Check your API documentation - if necessary you can change this value.
Depending on the authentication method, you may find that some default authentication and/or other variables have been added as bodyparameters/content, automatically. For OAuth 2 (client credentials) there is no defaultbodycontent.
| Environment | URI |
|---|---|
Since OAuth 2 has largely taken over from OAuth 1, there aren't many examples in the Patchworks marketplace however, you will find both OAuth 1 and OAuth 2 defined for our . You can install this for comparison.
Step 6 Authentication variables are displayed. By default, the OAuth 2 client credentials type includes a range of default :
These are known variables that a user must provide to with this authentication method.
| Name | Default value | Notes |
|---|
In each case, you can change the parameter name, default value and settings for how the field is made available to users when they choose to . You cannot change the parameter key.
Step 8 Select the tab and provide a request URL for authentication - you'll find this in your API documentation:
Step 9
Select the tab and add any authentication variables that need to be passed in the authentication request header - you'll find this in your API documentation:
Step 10 Select the tab and add any authentication parameters/content to be passed in the authentication request body - you'll find this in your API documentation.
Step 11 This completes our setup for OAuth 2 (client credentials) authentication. Now, when a user of this connector and chooses to use this authentication method, they are prompted to provide all required/configurable authentication variables.
If an authentication variable is required elsewhere in the connector setup (for example, we know that the url variable is required for authentication AND endpoint requests) it's worth adding it to the tab once and then choosing to 'use' it wherever needed in the connector setup.
Production
Scope |
| If your API documentation does't direct you to add a specific value, leave the default value of |
Grant type |
| If your API documentation does't direct you to add a specific value, leave the default setting of |
Client ID | None | A |
Client secret | None | A |
Response authentication token key |
| If your API documentation does't direct you to add a specific value, leave the default value of |
1 | Consumer registration | Resource owner/user | The Patchworks customer completes the consumer registration process with the third-party application service provider. During registration, the consumer obtains a unique consumer key and consumer secret. |
2 | User initiation | Resource owner/user |
3 | Token request | Consumer/client(Patchworks) | A request is sent to the service provider's token endpoint. This request includes a signature (generated by Patchworks), the consumer key, and a callback URL (where the user will be redirected after authentication). |
4 | User authentication | Service provider/ authorisation server | The service provider validates the request and authenticates the user. If the user is not already logged in, they are prompted to enter their credentials on the service provider's website. |
5 | Request token issued | Service provider/ authorisation server | After successful authentication, the service provider issues a request token, confirming approved access for Patchworks to access the user's resources. |
6 | User authorisation | Resource owner/user | The user is presented with a permission prompt by the service provider. The prompt explains what access the consumer is requesting and asks the user to grant or deny permission. |
7 | Redirect to consumer | Service provider/ authorisation server | When the user grants permission, the service provider redirects the user back to the Patchworks callback URL, together with the request token and additional parameters. |
8 | Access token request | Consumer/client(Patchworks) | Patchworks receives the request token and sends a request to the service provider's token endpoint, including the request token, consumer key, signature, and other necessary parameters. Note that the signature is the same signature that was used in step 3. |
9 | Access token issued | Service provider/ authorisation server | The service provider validates the request token and consumer credentials. If everything is OK, the service provider issues an access token and an access token secret to Patchworks. |
10 | Resource access | Consumer/client(Patchworks) | The consumer can include the access token in API requests to the service provider, to access the user's protected resources. |
The user initiates the authorisation process by clicking on a login or authorisation button in the client application - in this case, .
.svg?alt=media&token=ddeb7ae5-d7c7-46f5-baf3-55a3d5b1478f)
