Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Alteryx Designer Desktop Knowledge Base

Definitive answers from Designer Desktop experts.

Guide to Creating Your Own Connector - Authentication

TashaA
Alteryx Alumni (Retired)
Created

This guideis part of the "Guide to Creating Your Own Connector" series.

If the API that you are working with requires you to sign or authenticate your requests, it may utilize an implementation of OAuth 2.0 or another authentication method to show that you have the access needed to consume the web service. There are some key words that you can look for in the API documentation that you are using that will help you quickly choose the appropriate grant flow to use in Alteryx. Below is a list of many of the authentication methods you may encounter, along with whether they do or do not lend themselves to being used within an Alteryx workflow.

If the authentication method being implemented requires you to first grant authorization in order to receive an access token, that should be one of the very first steps of your process. This would involve you taking in the required set of credentials, and then passing that to the authorization service in order to exchange it for the token that will be used to authenticate your requests. If you are dependent on a response from an authorization service that contains the access token, you will need to parse the value out of the response and pass it to subsequent API calls that require it. If working with something like an API Key, or Basic authentication, you only need to do what is necessary to prepare the key, and then use it in the workflow in the appropriate place, either as a header or as a parameter on the query/payload.

  1. API Key - If working with a service that requires you to authenticate your requests with an API key, this can be added as a parameter to your query/payload.

download1.jpg


  1. Basic Authentication
    1. The implementation of this usually looks like [clientid:clientsecret] or [username : password] base 64 encoded and then prepended with "Basic" as the value for the header "Authorization".
    2. In your workflow, you can take in the client id and secret or username and password, and use the Formula tool to prepare the string for encoding. You can then use the base 64 encoder to encode the string, add “Basic” to the encoded string, and then use that as the value for an “Authorization” header in your Download tool


.download2.jpg


  1. OAuth - When working with an OAuth (1.0 or 2.0) grant flow, it is very important to look for an endpoint or method to send your client id/secret, or username/password to, in exchange for an authorization code or access token. This helps you avoid getting caught up in any grant flows that require you to redirect to another site or accept incoming HTTP requests in order to complete the authorization process. Working with one of these types of grant flows most often requires you to create/register an application with the service as well, which is then used to authenticate you as the client to the service. Keep this in mind when reviewing the API documentation, since implementation of this can vary by service.

    1. OAuth 1.0 - The initial implementation of OAuth provisions a few methods for authorization listed below. To read more about OAuth 1.0-view the RFC.
      1. Temporary Credentials - Requires a redirect URI, does not lend itself to Alteryx workflows.
      2. Resource Owner Authorization - Can be used within Alteryx workflows.
      3. Token Credentials - Can be used within Alteryx workflows.

    2. OAuth 2.0 - This spec provides many ways to obtain authorization, explained below, and then that authorization grant is then used to exchange for an access code/token to sign your requests with. To read more about OAuth2.0-view the RFC.
      1. Authorization Code Grant - Requires a redirect URI, does not lend itself to Alteryx workflows.
      2. Implicit Grant - Requires a redirect URI, does not lend itself to Alteryx workflows.
      3. Resource Owner Password Credentials Grant - Can be used within Alteryx workflows.
      4. Client-Credentials Grant - Can be used within Alteryx workflows.
Comments
TerryM
7 - Meteor

Hi Tasha,

 

Thank you for sharing. Can you please provide an example of how to implement basic authorization with get / put method? I don't fully understand where I should put the user name and password? in the value of Authorization under "Headers" tab?

 

Thank you in advance.

 

Terry

AABondel
5 - Atom

Hello Tasha, 

 

your posts are incredibly helpful! thank you.

but i have an issue with authorization.

i set the connection just like you described on "REST API In 5 Minutes-No Coding" but i keep getting the error: 401 Unauthorized

 
 

er.PNG

 

 

i tried also follow you articuule here but not fully understand where i should type in this encoded password.

 

from my understanding to get this connection but not only need api key but also credentials to our account in this platform (in my case this is campaignbreeze.com / https://app.campaignbreeze.com/docs/#)

and this credentials must be encoded and typed into Headers tab in download tool? am i right?

but how to do this? i did sth like this but it doesnt work:

 

 

erer.PNG

 

 

i would be very thankful for you help on this!

TashaA
Alteryx Alumni (Retired)

Hi @AABondel !

 

I looked at CampaignBreeze documentation, and I would advise following the 1st image in this blog post. The CampaignBreeze API leverages an api-key header, and doesn't use the 'Basic' header.

 

Your Download Tool configuration would look more like this: 

 
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Best,

Tasha

fpinchon
8 - Asteroid

Hi @TashaA , have you come across a good Alteryx macro for Oauth 1.0 authentification? 

I tried that one:

https://community.alteryx.com/t5/Alteryx-Designer-Discussions/OAuth-1-0-example-needed/td-p/36156

And that is really impressive work by @jarrod .

Alas it didn't work for the API I need (https://support.tripleseat.com/hc/en-us/articles/205820987-API-Authentication)...

I got the authentification to work with Postman and its OAuth 1.0 module, and the fields generated by the Macro look very similar. Yet, macro doesn't work... When I paste the authentification data generated by Postman in the Download tool, my workflow works, but not with the strings generated by the macro...

 

I can't tell where the Macro and Postman differ...

jarrod
ACE Emeritus
ACE Emeritus

@fpinchon Oauth 1.0 is very picky about the values being input since it deals with a hash. so any space/newline/value being used to create the hash will throw it off. when building that oauth macro, i actually first got a call to work in postman, grabbed that authorization hash, then created all of the combinations i could think of (including timestamp set to when i got the call to work) and found the one combination that worked. for me, the largest issue was what url was being used to create the signature. Port numbers threw it off for the gallery api... 

 

For api work, i also find a working call in postman then go to Code -> cURL and compare that text with how i have the download tool setup. 

fpinchon
8 - Asteroid

Thanks for the guidance @jarrod. I am stuck at that stage you describe, I get the working cURL script from Postman, and the output from your macro, and they look very very similar, but yes, it seems the signature gets rejected... The documentation for Oauth 1.0 is quite awful, so hard to tell what goes into the signature...

jarrod
ACE Emeritus
ACE Emeritus

yeah, creating that macro was a lot of guess and check since the documentation is lacking for OAuth1.0. I'd probably set up a few different scenarios and guess and check which versions are going to work. 

 

jarrod
ACE Emeritus
ACE Emeritus

@fpinchon the only other option i can think of is running oauth1.0 through triple seat's python library then pull that in to run the call through the download tool. 

Aditia
6 - Meteoroid

Alteryx Private Gallery API Runner API's @jarrod

 

I am trying to get data from rest API. I am keep getting 400 error after providing correct AUTH. Please help me out!!!!!!

 

 

 

Aditia_0-1648930545277.png

 

jarrod
ACE Emeritus
ACE Emeritus

@Aditia check the download data field it looks like there is an error message there that might help with your situation. Possibly a syntax error in your body. When that happens I typically Google the error code/description and see if that offers any clues.

Aditia
6 - Meteoroid

Thanks @jarrod