Creating a vault entry from the Admin Console’s Settings | Auth Vault view is the first step to begin using auth info from your own server. A vault entry must also exist before another remote server can access the auth info.
- From the Admin Console’s Auth Vault section, create a new entry with the Create button . The Vault Entry Metadata screen appears.
- Enter an Alias name.
Alias can be any name you choose but should have some description in its name. “ShopifyToken” is a good example, as it combines the external Web application and the type of auth info. This Alias will later be identified in the Web Service Consumer object that you will use to call the external Web Service.
- Select the Environment.
The (Vault Entry) Environment represents different external application environments that you could potentially call with Clarify Web Services. An example may be using a sandbox versus a production environment. There are two default vault entry environment names provided with a Clarify server install: QA and PROD.
Note: If unsure as to what environment to select, always choose PROD.Note: If changing the load order and environment name of vaults this must be done before creating a vault entry. - Select the method to obtain the access token. Options include:
- OAuth 2.0: This utilizes an Open Authorization (OAuth) grant flow to authenticate the external application. Depending on the grant type indicated, different information must be provided as part of this Wizard option.
Note: Clarify supports OAuth 2.0 only.
- Manual: Select this when token information is obtained from outside of Clarify (not using an OAuth grant flow).
- Cloud Connector: Select when authenticating a Cloud Connector Project.
Note: this is a prerequisite step for creating a Cloud Connector Project.Based on the method selected, follow the steps outlined below.
Selecting manual authentication
Choosing the manual authentication method is necessary when not using the OAuth 2.0 spec. The steps described here take place after completing the first page of the Vault Entry Wizard.
- If using a refresh token, enable the checkbox and provide the token information.
- Select the type of authorization being used from the Auth Info drop-down.
Options include Bearer Token, Custom Header, Query Parameter, and Basic authorization.
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request
Custom Headers are very similar to a Bearer token. But rather than putting a header that looks like:
Authorization: Bearer {Token} in the request that web service client makes, it puts a header that looks like this:
{Header Key}: {Token} where {Token} is the actual access token and {Header Key} is something specific to the API itself, such as "X-QuickBooks-Access-Token" or "x-weebly-access-token",etc.
Query parameters are a defined set of parameters attached to the end of a URL, and are used to help define specific content or actions based on the data being passed; sometimes authorization information is passed as a query parameter.
Note: This type is currently not supported in SOAP Web Services.The Basic Type uses Username and Password for authentication.
- After entering the required information for the selected authorization type, click Finish.
Result: the vault entry now appears in the Auth Vault view. Auth information can now be used by a connected server for Web Service calls.
Selecting OAuth 2.0 authentication
Using the OAuth 2.0 method utilizes one of the four grant types available through our Wizard. The steps described here take place after completing the first page of the Vault Entry Wizard.
- Select your grant type and provide information required for the request.
Options include:
- Authorization Code
- Implicit
- Password Credentials
- Client Credentials
Note: The application being authorized determines which grant type can be accepted. Reference applicable documentation for guidelines. - Enter the required authorization values for the selected grant type.
Note: Clarify requires certain parameters in order to proceed with authorization, which are displayed in bold. The external application however may require additional parameters not bolded in the Wizard. Always reference applicable documentation for guidelines.
- Select how Client Authentication is sent. Drop-down options include:
- Send as Basic Auth Header
- Send credentials in body
- Complete grant flow for authenticating communications. Once the request has completed, click Next to proceed.
- If selecting Authorization or Implicit grant flow types, you will be prompted to sign in to the actual application (which appears as a browser within the Wizard).
Note: A Switch mode button provides an alternate way to authorize the account. Selecting this option takes you to another screen which lets you paste the redirect URL from the external browser into the wizard. Clarify then validates. This is in response to issues related to older Web browsers, or when using a Studio running on Linux.
- Select the Auth Info. Options include Bearer Token, Custom Header, Query Parameter, and Basic authorization.
- Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request
- Custom Headers are very similar to a Bearer token. But rather than putting a header that looks like:
in the request that web service client makes, it puts a header that looks like this:Authorization: Bearer {Token}
where {Token} is the actual access token and {Header Key} is something specific to the API itself, such as "X-QuickBooks-Access-Token" or "x-weebly-access-token",etc.{Header Key}: {Token}
- Query parameters are a defined set of parameters attached to the end of a URL, and are used to help define specific content or actions based on the data being passed; sometimes authorization information is passed as a query parameter. This type is currently not supported in SOAP Web Services.
- The Basic Type uses Username and Password for authentication.
- Click Finish. The vault entry now appears in the Auth Vault view.
Selecting Cloud Connector authentication
Before you can create a Cloud Application Connector, a vault entry must first exist. The steps described here take place after completing the first page of the Vault Entry Wizard.
- Select the cloud application (Shopify, Salesforce, etc) that the vault will be used to authenticate.
- Enter the required authorization values for the particular Cloud App.
Note: Clarify requires certain parameters in order to proceed with authorization, which are displayed in bold. The external application however may require additional parameters not bolded in the Wizard. Always reference applicable API documentation for guidelines. This information is also summarized in the Before You Begin topics for each Connector.
- Complete grant flow for authenticating communications. This requires signing into the actual application with your required credentials (username/password).
A Switch mode button provides an alternate way to authorize the account. Selecting this option takes you to another screen which lets you paste the redirect URL from the external browser into the wizard. Clarify then validates. This is in response to issues related to older Web browsers, or when using a Studio running on Linux.
- Click Finish. The vault entry now appears in the Auth Vault view (Admin Console/Settings).
- OAuth 2.0: This utilizes an Open Authorization (OAuth) grant flow to authenticate the external application. Depending on the grant type indicated, different information must be provided as part of this Wizard option.
Comments
0 comments
Please sign in to leave a comment.