- 18 Oct 2024
-
DarkLight
-
PDF
Security Schemes and Tokens
- Updated on 18 Oct 2024
-
DarkLight
-
PDF
Security Schemes and Token Management
By default and upon import of an Integration Model, only a single security scheme is supported. Furthermore, the first scheme in the securityScheme
map will be selected automatically.
Supported Security Schemes
The following security schemes are supported:
apiKey
(including AWS)http
oauth2
The openIdConnect
scheme is NOT currently supported.
Once the Integration is created, an authentication object is added to the properties of the service configuration. This configuration corresponds to the security scheme type. Below is an example of the authentication format.
Important Notes:
- Currently IAP does NOT support any token management. You will need to manage the tokens for the security schemes.
- For Amazon Web Services (AWS), please ensure the
securityScheme
entry is anapiKey
and has the following extension:"x-amazon-apigateway-authtype": "awsSigv4"
.
"securitySchemes": {
"Authorization": {
"type": "apiKey",
"description": "Amazon S3 signature",
"name": "Authorization",
"in": "header",
"x-amazon-apigateway-authtype": "awsSigv4"
}
}
Example Security Schemes
Listed below are examples of each of the different security schemes that can be used with Integration Models. The property names API-Token
and Authorization
in the API Key and AWS examples come from the name of the securityScheme
property in the OpenAPI document.
API Key
"authentication": {
"API-Token": {
"value": "<INSERT API-Token HERE>"
}
},
AWS
"authentication": {
"Authorization": {
"accessKeyId": "<INSERT accessKeyId HERE>",
"secretAccessKey": "<INSERT secretAccessKey HERE>"
}
},
AWS Lambda
Certain AWS endpoints (i.e., AWS Sig4) may need a configured sessionToken. The Itential platform includes support for AWS Lambda, a custom extension to openAPI that requires a key/secret and a session token.
"authentication": {
"Authorization": {
"accessKeyId": "awsKeys.accessKeyId",
"secretAccessKey": "awsKeys.secretAccessKey",
"sessionToken": "awsKeys.sessionToken"
}
},
HTTP (Basic & Bearer)
Basic
"authentication": {
"httpBasic": {
"username": "<INSERT username HERE>",
"password": "<INSERT password HERE>"
}
},
Bearer
"authentication": {
"bearerAuth": "<INSERT bearerAuth HERE>"
},
Oauth2
"authentication": {
"oauth2": {
"token": {
"access_token": "<INSERT access_token HERE>",
"token_type": "Bearer"
}
}
},