Authentication methods

Authentication in Data Integration

This topic explains how to authenticate your API connections in Data Integration using various authentication methods. Data Integration supports OAuth 2.0, basic authentication, bearer tokens, and provides secure token management for all methods.

Supported authentication methods

Method	Use Case
basic_http	Simple username/password authentication
bearer	Static bearer tokens
oauth2	Secure token-based flows (e.g., client credentials, refresh token, etc.)

Authentication parameters

Purpose: Manage secure API connections.

Authentication parameters define how a connector will authenticate API calls. These can include basic authentication, token-based authentication, or Bearer token authentication.

Basic authentication example

- name: "connectToAPI"
  type: "authentication"
  auth_type: "basic_http"
  fields:
    - name: "username"
      type: "string"
      value: "your_data_integration_mail"
    - name: "password"
      type: "string"
      value: "look at 1password"

Token-Based authentication example

- name: "connectToAPI"
  type: "authentication"
  auth_type: "bearer"
  fields:
    - name: "bearer_token"
      type: "string"
      value: "your_bearer_token"

How it works in YAML:

• The connectToAPI parameter contains authentication details.

• The fields section includes credentials such as usernames, passwords, API keys, or tokens.

• The auth_type specifies the authentication method (basic_http, bearer, etc.).

OAuth 2.0 authentication

Data Integration supports multiple OAuth 2.0 flows and automatically manages token acquisition, refresh, and injection into your API calls.

Supported OAuth 2.0 flows

Flow	When to Use
client_credentials	Server-to-server APIs (no user login)
refresh_token	Long-running user-authorized applications
authorization_code	Applications with user login & redirection

OAuth2 YAML configuration example

Client credentials

interface_parameters:
  section:
    source:
      - name: "my_api_auth"
        type: "authentication"
        auth_type: "oauth2"
        oauth2_settings:
          grant_type: "client_credentials"
          token_url: "https://auth.example.com/token"
          is_basic_auth: false
        fields:
          - name: "client_id"
            type: "string"
            value: "your_client_id"
          - name: "client_secret"
            type: "string"
            value: "your_client_secret"
            is_encrypted: true

With basic auth

oauth2_settings:
  grant_type: "client_credentials"
  token_url: "https://api.example.com/token"
  is_basic_auth: true

Refresh token

oauth2_settings:
  grant_type: "refresh_token"
  token_url: "https://auth.example.com/token"
fields:
  - name: "refresh_token"
    value: "your_refresh_token"
    is_encrypted: true

Authorization code

oauth2_settings:
  grant_type: "authorization_code"
  token_url: "https://auth.example.com/token"
fields:
  - name: "code"
    value: "your_auth_code"
  - name: "redirect_uri"
    value: "https://yourapp.com/callback"

OAuth2 parameter reference

OAuth2 settings

Key	Required	Description
grant_type	Yes	OAuth flow type (client_credentials, refresh_token, authorization_code)
token_url	Yes	URL to obtain the access token
is_basic_auth	No	Sends client credentials via Authorization header (default: false)

Fields

Name	When	Required Description
client_id	Always	Your app's client ID
client_secret	Always	Your app's client secret
refresh_token	For refresh_token flow	Token obtained from previous login
code	For authorization_code	Code received after redirect login
redirect_uri	For authorization_code	Redirect URI used in authentication

Security & token handling

• Data Integration automatically refreshes tokens before they expire.

• Supports token expiry detection via expires_in, exp, or expires_at.

• If no expiry is defined, the default is 1 hour.

Encrypt Your Secrets

Always mark secrets as encrypted:

- name: "client_secret"
  value: "your_secret"
  is_encrypted: true

Basic auth format

Without basic auth

grant_type=client_credentials&client_id=xxx&client_secret=yyy

With basic auth

Authorization: Basic base64(client_id:client_secret)
grant_type=client_credentials

Error messages and fixes

Error	Fix
Token refresh failed	Verify your refresh token
Refresh token required	Ensure refresh_token field is present
Connection issue	Check token URL or network configuration

Best practices

Always set is_encrypted: true for sensitive values like client_secret and refresh_token. Use descriptive name fields for maintainability. Test with a static token first to validate base connectivity before configuring full OAuth. Document which authentication type is required for each connector clearly.