REST Authentication

The HTTP Requestor supports the following authentication mechanisms:

  • Basic Authentication - simplest form of authentication (though unfortunately also the least secure). It uses a username and password and is built into the HTTP protocol.

  • API Key Authentication - uses a generated key. The key is long lived and is currently only supported in the Low-code Tools when passed via header. Currently passing the API key in the payload or via query parameter is not supported.

  • Token Based Authentication - also referred to as bearer authentication. There are many different implementations and the Low-code Tools currently supports a limited subset of the various authentication workflows.

  • Oauth2 Authentication - open authentication standard, defined in RFC 6749. Low-code Tools supports Client Credentials (recommended) and Resource Owner Password Credentials Grant (not recommended).

The Low-code Tools allow for custom authenticators to be defined using python. This is an advanced feature that can be leveraged to support authentication methods that are not currently available out of the box. See Custom Authenticators.

Supported Credential Types

Below are the supported credential types of the Low-code Tools.

  • Limited Credential Types (Basic Authentication Only)
    • Basic/Snippet

    • SOAP/XML Host

  • Fully Supported Credential Type
    • Low-code tools: rest v100

To create a new Low-code tools: rest v100 you must click Manage ‣ Credentials.

Note

The Low-code tools: rest v100 credential type cannot be accessed clicking System ‣ Manage ‣ Credentials. Editing an existing credential of this type from the page below will result in an error. Updates can only be accomplished by clicking Manage ‣ Credentials.

New Credential Editor

../../_images/low_code_tools_rest_v100.png

Old Credential Editor

../../_images/old_cred_view.png

Authenticators