Security Schemes and Tokens
  • 18 Oct 2024
  • Dark
    Light
  • PDF

Security Schemes and Tokens

  • Dark
    Light
  • PDF

Article summary

Security Schemes and Token Management

By default and upon import of an Integration Model, only a single security scheme is supported. Furthermore, the first scheme in the securityScheme map will be selected automatically.

Supported Security Schemes

The following security schemes are supported:

  • apiKey (including AWS)
  • http
  • oauth2

The openIdConnect scheme is NOT currently supported.

Once the Integration is created, an authentication object is added to the properties of the service configuration. This configuration corresponds to the security scheme type. Below is an example of the authentication format.

Important Notes:

  • Currently IAP does NOT support any token management. You will need to manage the tokens for the security schemes.
  • For Amazon Web Services (AWS), please ensure the securityScheme entry is an apiKey and has the following extension: "x-amazon-apigateway-authtype": "awsSigv4".
"securitySchemes": {
        "Authorization": {
            "type": "apiKey",
            "description": "Amazon S3 signature",
            "name": "Authorization",
            "in": "header",
            "x-amazon-apigateway-authtype": "awsSigv4"
        }
    }

Example Security Schemes

Listed below are examples of each of the different security schemes that can be used with Integration Models. The property names API-Token and Authorization in the API Key and AWS examples come from the name of the securityScheme property in the OpenAPI document.

API Key

"authentication": {
  "API-Token": {
    "value": "<INSERT API-Token HERE>"
  }
},

AWS

"authentication": {
  "Authorization": {
    "accessKeyId": "<INSERT accessKeyId HERE>",
    "secretAccessKey": "<INSERT secretAccessKey HERE>"
  }
},

AWS Lambda

Certain AWS endpoints (i.e., AWS Sig4) may need a configured sessionToken. The Itential platform includes support for AWS Lambda, a custom extension to openAPI that requires a key/secret and a session token.

"authentication": {
  "Authorization": {
    "accessKeyId": "awsKeys.accessKeyId",
    "secretAccessKey": "awsKeys.secretAccessKey",
    "sessionToken": "awsKeys.sessionToken"
  }
},

HTTP (Basic & Bearer)

Basic

"authentication": {
          "httpBasic": {
            "username": "<INSERT username HERE>",
            "password": "<INSERT password HERE>"
          }
      },

Bearer

"authentication": {
          "bearerAuth": "<INSERT bearerAuth HERE>"
      },

Oauth2

"authentication": {
  "oauth2": {
    "token": {
      "access_token": "<INSERT access_token HERE>",
      "token_type": "Bearer"
    }
  }
},

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.