APIs are one of the most integral parts of software and the internet. Especially as API integrations enable the connection and communication between applications and expand a product’s capabilities.
They are however complex and no two APIs are the same. Nobody knows this better than our Connector Team Lead Ian Rimmer. Today he is going to discuss authentication and more specifically managed authentication.
At Cyclr, we encapsulate APIs into pre-built Connectors this means our users can access a library of over 500 ready-to-use Connectors with a range of end-points and methods.
What does authentication mean?
Firstly, authentication is the procedure of verifying the identity of an individual or an object.
Authentication concerning APIs refers to the process of verifying the identity of a user before making requests to the API. It ensures the API server knows who is calling its endpoints. This is done by validating credentials or tokens that assert the caller’s identity. Establishing trust for the caller and allowing access to its resources.
There are many many different authentication methods and flows that APIs can employ. This is based on the client app type, security needs, etc. Common methods include API keys, OAuth 2 (Code, Password, Client Credential), and basic, Client Certificate. API vendors also are known to have bespoke authentication protocols.
What is managed authentication and what does authentication look like within the Cyclr platform?
As an embedded integration platform, we need to ensure that there is enough flexibility in our system to handle all the different flavours of authentication that API vendors provide. Therefore it is our ambition to ensure that you can work with your clients as simply as possible while ensuring that they can set integrations without sharing credentials.
This means once a client’s credentials are entered they are stored using industry-standard encryption. So, to connect any system to an application you will need to obtain or set up the security credentials in the application and then pass this to the connecting system, in this case, Cyclr.
Therefore, when the client installs an integration template they will be asked to enter the authentication credentials. Once entered these will be encrypted and stored. The integration will now be set up and able to run. It is that simple.
If the client expires the credentials, simplify re-authenticate and you are off to the races again.
API Authentication Practical Examples
Username/Password Authentication
Our first practical API authentication example has to do with usernames and passwords. When a user is installing an integration they’ll be prompted to enter a username and password. As a result, it grants the Connector and integration access.
OAuth 2
Another practical example is OAuth 2 authentication. Within OAuth 2 there are 3 separate flows or types of authentication. These are code, password and client credentials.
First, the code flow is the most common and secure. This is because you have to specify a valid redirect URL when registering with the authorisation server. This adds an extra layer of API security as the applications server will check the credentials and call back to the Cyclr servers.
The most typical way applications enable this is via an “OAuth Application” that is set up in their portal. They can pre-set these credentials in Cyclr which means the client does not need to enter them or enter their own oAuth credentials.
Consider that in general a SaaS application uses oAuth as a two-stage process.
Stage 1:
- Identify the calling application and verify it has access to the application.
- Create an OAuth application by entering the Cyclr Callback (Redirect URL) URL.
- The OAuth application will generate a Client ID and secret.
Typically you can use this same OAuth Application for all your clients to access the same connector setting in your Cyclr Partner Portal. It will therefore only need to be done once and can take less than 5 minutes to complete.
Stage 2:
- Identify the user and access to their account resources and data is granted.
- On integration installation clients will be prompted to enter their username and password, granting the connector and integration access.
- The connector is now authenticated.
The great thing about Cyclr is that it will take care of refreshing their authentication. This means that once the integrations are up and running our servers take care of refreshing the API authentication tokens without the user’s intervention.
Find out more about API Authentication
APIs are tricky things and if you want to learn more about them and how Cyclr turns them into Connectors we have a regular webinar focused on discussing APIs.
Check our other API-related content
Otherwise, feel free to get in touch we are on hand to answer your API-related questions or show you how you can build integrations with them in our embedded integration platform, Cyclr.