Understand auth security schemes

After you create an integration, a security scheme authentication object is added to the service configuration properties.

Supported security schemes

The following security schemes are supported:

  • apiKey (including AWS)
  • https
  • oauth2
  • mutualTLS
  • OpenIDConnectScheme

Considerations

  • Tokens must be self-managed.
  • For Amazon Web Services (AWS), ensure the securityScheme entry is an apiKey and has the following extension: "x-amazon-apigateway-authtype": "awsSigv4".
  • When you import an integration model, only a single security scheme is supported.
  • The first scheme in the securityScheme map is automatically selected.

"securitySchemes": {
  "Authorization": {
    "type": "apiKey",
    "description": "Amazon S3 signature",
    "name": "Authorization",
    "in": "header",
    "x-amazon-apigateway-authtype": "awsSigv4"
  }
}

Example security schemes

Listed below are examples of each security scheme that can be used with Integration Models. The property names API-Token and Authorization in the API Key and AWS examples come from the name of the securityScheme property in the OpenAPI document.

API Key

"authentication": {
  "API-Token": {
    "value": "<INSERT API-Token HERE>"
  }
}

AWS

"authentication": {
  "Authorization": {
    "accessKeyId": "<INSERT accessKeyId HERE>",
    "secretAccessKey": "<INSERT secretAccessKey HERE>"
  }
}

AWS Lambda

Certain AWS endpoints (i.e., AWS Sig4) may need a configured sessionToken. Itential Platform includes support for AWS Lambda, a custom extension to OpenAPI that requires a key/secret and a session token.

"authentication": {
  "Authorization": {
    "accessKeyId": "awsKeys.accessKeyId",
    "secretAccessKey": "awsKeys.secretAccessKey",
    "sessionToken": "awsKeys.sessionToken"
  }
}

HTTP (Basic and Bearer)

Basic:

"authentication": {
  "httpBasic": {
    "username": "<INSERT username HERE>",
    "password": "<INSERT password HERE>"
  }
}

Bearer:

"authentication": {
  "bearerAuth": "<INSERT bearerAuth HERE>"
}

OAuth2

"authentication": {
  "oauth2": {
    "token": {
      "access_token": "<INSERT access_token HERE>",
      "token_type": "Bearer"
    }
  }
}
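
The considerations above (a single scheme, first entry selected, AWS needing apiKey plus the awsSigv4 extension) and the rule that the authentication property name follows the securityScheme name can be checked before an integration is deployed. The following is an added example, not part of Itential Platform; the function names, finding messages and sample values are assumptions constructed for illustration.

```python
import json

AWS_EXT = "x-amazon-apigateway-authtype"  # extension name taken from the page

def walk_strings(node, path=""):
    """Yield (path, value) for every string leaf in a nested dict."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk_strings(val, f"{path}/{key}")
    elif isinstance(node, str):
        yield path, node

def lint(security_schemes: dict, authentication: dict) -> list:
    """Return findings for a securitySchemes map and its authentication object."""
    if not security_schemes:
        return ["no security scheme defined"]
    findings = []
    # JSON object order is preserved on load, so the first key is the selected scheme.
    name, scheme = next(iter(security_schemes.items()))
    if len(security_schemes) > 1:
        ignored = list(security_schemes)[1:]
        findings.append(f"only '{name}' is selected; ignored: {ignored}")
    is_aws = scheme.get(AWS_EXT) == "awsSigv4"
    if is_aws and scheme.get("type") != "apiKey":
        findings.append(f"'{name}' uses awsSigv4 but type is not apiKey")
    creds = authentication.get(name)
    # The page states the name-matching rule for the API Key and AWS cases only.
    if scheme.get("type") == "apiKey" and creds is None:
        findings.append(f"authentication has no '{name}' entry")
    if isinstance(creds, dict) and "accessKeyId" in creds and not is_aws:
        findings.append(f"'{name}' has AWS keys but scheme lacks {AWS_EXT}")
    # Template placeholders that were never replaced with a real credential.
    for path, value in walk_strings(authentication):
        if value.startswith("<INSERT"):
            findings.append(f"placeholder left in {path}")
    return findings

# Constructed sample input, modelled on the page's AWS example.
SCHEMES = json.loads("""{
  "Authorization": {"type": "apiKey", "name": "Authorization", "in": "header",
                    "x-amazon-apigateway-authtype": "awsSigv4"},
  "API-Token": {"type": "apiKey", "name": "API-Token", "in": "header"}
}""")
AUTH = {"Authorization": {"accessKeyId": "<INSERT accessKeyId HERE>",
                          "secretAccessKey": "constructed-secret"}}

if __name__ == "__main__":
    for finding in lint(SCHEMES, AUTH):
        print(finding)
```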