Configure integration authentication tokens

You can configure your integrations to programmatically retrieve authentication tokens using the properties provided by the integration model for the schema integration.

Two types of configurations are currently available:

password
clientCredentials

You must manually configure these in when you import an integration model.

Although Itential designed this feature to work for as many services as possible, not all services are compatible with the password or clientCredentials configuration. Check the service to see if these configurations are provided.

Property configurations

This section illustrates how to set the properties for the password and clientCredentials configuration.

The only difference between the two is the property name in the flows object, and the password flow includes a refreshUrl parameter.

Integration configurations

Depending on which configuration is used, you will see a specific configuration available on the Integration Details page. You will need to fill in the authentication fields in order for programmatic token retrieval to work properly.

For more detail on using integrations, see Managing integrations.

Authentication

The following parameters support authentication configuration.

Authentication parameter	Description
`client_id`, `client_secret`	Provided by the service in use. You must retrieve these from the service.
`username`, `password`	The account credentials to be used in the authentication.
`token_url`, `refresh_url`	The endpoints that the service provides to retrieve authentication tokens. These fields will be populated upon creating the integration instance if the values are provided in the OpenAPI specification.

Token

The following fields are included in the token property of the integration configuration.

Editing these fields is not recommended, unless you would like to manually enter an access_token as it worked in previous versions of Itential Platform.

Token parameter	Description
`access_token`, `refresh_token`	Authorization tokens used with the integration tasks. The `access_token` will be retrieved programmatically if the field is empty or if the token is expired. If present with the `refresh_url`, the `refresh_token` will be used to retrieve a new `access_token`.
`token_type`	Type of token to be utilized. The default value is `Bearer`.
`expires_in`	Length of time that the `access_token` will be valid.
`expires_at`	Time at which the token will expire. Upon calling an integration task, this value is used to check if a new token should be retrieved.
`created_at`	Time at which the `access_token` was created.
`scope`	Scope provided by the token.

Client credentials authentication configuration

Once all configurations are completed, you can utilize integration tasks seamlessly without needing to continuously reconfigure your integration. Once the token is retrieved programmatically, it is stored in the MongoDB database available in Itential Platform.