Custom Authentication
Handling complex auth scenarios
To handle complex auth scenarios, in the Auth Settings create screen, select Manual Authentication.
Then create an Auth Token. That allows you to specify which exact headers and parameters to use for each API call using that token.
Note you can use variables (e..g. %%VARIABLE%% or VARIABLE) in these tokens.
You can also save values into the token to use as variables.
We also support an "EXPIRES_IN" value which will set the expire time to the current time plus the number of seconds of the integer value you specify. This allows us to use refresh token flows to ensure you always have a valid token.
Saving variables into an Auth Token
If you want to save variables into an auth token, first create an API call that receives the values you need. Then you can use the Conditions tab to extract the values. Here is a standard OAuth setup:
Now in the Webhook tag, you can pick "Save Auth Token" and specify which token to use. Now when this API runs, the variables that are extracted by conditions are saved into the access token.
Open Browser instead to handle User auth
If you want to use a user auth flow to sign in to get an access token, we can support that from a workflow. Here's a complex user auth flow - the last step is the URL that a user would have to open in the browser:
Here's the API call itself - note it is set up the same way as a standard call.
The difference is that it is tagged with apimetrics:browser from the Meta tab.
Now when this is run in a workflow by pressing the "Run Workflow" button, the API call is skipped, and your browser window will redirect to the required URL with the correct parameters.
Note that you will need to use the Save Auth Token webhook to save your intended Auth token.
Callback handler
In combination with redirecting your browser window to start the auth flow, the improved callback handler at https://client.apimetrics.io/tokens/callback allows you to provide a custom way to handle the callback in an auth flow.
Here's the callback page - it extracts the parameters passed to it in the URL, or from the URL fragment:
You can either continue with the token create wizard (if using the standard auth setups), or specify an API call or Workflow to run.
The API Call or Workflow will have the variables passed to them. Note that we automatically capitalize the variables, so access_token will map to ACCESS_TOKEN
Refreshing tokens automatically
If your access token expires and supports a means to refresh it, you can use the Refresh Token workflow setting to update your access token when needed. This workflow is triggered if the scheduler tries to run an API call and it finds the token being used is expired. It will stop and run the workflow to refresh the token before resuming.
Using manual auth, specify a Workflow in the Auth Settings edit page:
Here's an example workflow that refreshes an access token
Note that we save all the variables from the workflow into the token being refreshed.
Updated about 4 years ago