Credential endpoints allow you to manage custom authentication strategies for your organization's destinations. Destinations are the endpoints in your system that receive data from Redox.
You may choose custom authentication for your destinations if you want more secure authentication credentials for any data coming into your system.
With this set of Platform API endpoints, you can:
- retrieve a list of existing auth credentials for an environment;
- retrieve one auth credential by its ID;
- retrieve a list of supported auth strategies;
- create a new auth credential;
- update an existing auth credential; or
- delete an existing auth credential.
Create auth credential
Create a new auth credential that you can use to verify your destination(s).
The response contains details of the new auth credential but doesn't include any secret values. Instead, secrets are replaced with boolean fields that indicate whether a secret value exists with a true or false value. The field name has the format of has<PropertyName>.
cURL request example
Request Body Schema
- organizationrequired, number
Contains your unique Redox organization identifier.
- namerequired, string
Displays the name of the auth credential.
- environmentIdrequired, string
Identifies the specific environment that the auth credential is used in.
- grantTyperequired, string
Indicates the method that's used to grant access to and authenticate the OAuth client. Redox only supports
client_credentials
. - urlrequired, string
Contains the authorization server URL, where the authorization request is sent.
- clientIdrequired, string
Identifies the OAuth client. This value is assigned by the authorization server.
- authStrategyrequired, string
Indicates the specific strategy type that this auth credential belongs to.
Value:OAuth_2.0_2-legged
- audiencestring
Indicates the system that should consume the auth credentials. This field isn't required but is sent in the
audience
field of the authorization request when populated. - scopesstring
Defines the scope or access granted with the authentication credentials. This field isn't required but is sent in the
scope
field of the authorization request when populated. - grantTypeNamestring
Contains the property name for the
grant_type
field in the authorization request. The default value isgrant_type
. This field is an advanced option that should be used if the authorization server expects something other thangrant_type
. - refreshGrantTypestring
Indicates the value sent in the
grant_type
field. This must be set when requesting a refresh token. Refresh tokens aren't often used with aclient_credential
grant. - clientIdNamestring
Contains the property name for the
client_id
field in the authorization request. The default value isclient_id
. This field is an advanced option that should be used if the authorization server expects something other thanclient_id
. - accessTokenNamestring
Contains the property name for the
access_token
field in the authorization response. The default value isaccess_token
. This field is an advanced option that should be used if the authorization server responds with something other thanaccess_token
. - expiresFieldNamestring
Contains the property name for the
expires_in
field in the authorization response. The default value isexpires_in
. This field is an advanced option that should be used if the authorization server responds with something other thanexpires_in
. - refreshTokenNamestring
Contains the property name for the
refresh_token
field in the authorization response. The default value isrefresh_token
. This field is an advanced option that should be used if the authorization server responds with something other thanrefresh_token
. - contentTypestring
Defines the default type of payload for requests coming into your system with this auth credential. This value is located in the header of incoming API requests. The default value is
application/x-www-form-urlencoded
. - noBasicstring
Some servers expect a basic auth header, including the client ID and secret, in the authorization request. The default behavior is to always send the basic auth header. Setting this field to
true
excludes the basic auth header from the request. - resourcestring
Identifies a specific resource that the OAuth client is requesting access to. This field isn't required but is sent in the
resource
field of the authorization request when populated. - customFieldNamestring
Defines an additional field that the OAuth client can send in the authorization request, either in the header or body. To add a custom field to the header, it must start with
headers.
, otherwise it will appear in the body. - customFieldValuestring
Contains the value of the
customFieldName
, which is sent in the authorization request. - defaultExpirationSecondsstring
Defines the number of seconds that the access token is valid, if used. This field is only used if the authorization server doesn't send an expiration value in the response.
- clientSecretstring
Contains the secret value assigned by the authorization server.
This is an authentication strategy type that uses an OAuth client, authorization server, and system server. The OAuth client requests an access token from the authorization server. The returned access token can be used to access the system server.
- metaobject
- versionstring
Lists the major and minor version number for the format of the returned payload. The payload format or shape may change between minor versions, like including additional or extended fields in later versions. We include the version data in each response so that you have the option to handle the signaled differences.
- payload
- idrequired, string
Contains a unique identifier assigned to the auth credential. Use this value when querying for this auth credential in future API requests.
- createdAtrequired, string
Displays the timestamp of when the auth credential was created. This value is set by Redox.
- updatedAtrequired, string
Displays the timestamp of the last time this auth credential was updated. This value is set by Redox.
- organizationrequired, number
Contains your unique Redox organization identifier.
- namerequired, string
Displays the name of the auth credential.
- environmentIdrequired, string
Identifies the specific environment that the auth credential is used in.
- grantTyperequired, string
Indicates the method that's used to grant access to and authenticate the OAuth client. Redox only supports
client_credentials
. - urlrequired, string
Contains the authorization server URL, where the authorization request is sent.
- clientIdrequired, string
Identifies the OAuth client. This value is assigned by the authorization server.
- authStrategyrequired, string
Indicates the specific strategy type that this auth credential belongs to.
Value:OAuth_2.0_2-legged
- hasClientSecretboolean
Indicates whether the auth credential has a client secret stored. If so, this is set to
true
. - audiencestring
Indicates the system that should consume the auth credentials. This field isn't required but is sent in the
audience
field of the authorization request when populated. - scopesstring
Defines the scope or access granted with the authentication credentials. This field isn't required but is sent in the
scope
field of the authorization request when populated. - grantTypeNamestring
Contains the property name for the
grant_type
field in the authorization request. The default value isgrant_type
. This field is an advanced option that should be used if the authorization server expects something other thangrant_type
. - refreshGrantTypestring
Indicates the value sent in the
grant_type
field. This must be set when requesting a refresh token. Refresh tokens aren't often used with aclient_credential
grant. - clientIdNamestring
Contains the property name for the
client_id
field in the authorization request. The default value isclient_id
. This field is an advanced option that should be used if the authorization server expects something other thanclient_id
. - accessTokenNamestring
Contains the property name for the
access_token
field in the authorization response. The default value isaccess_token
. This field is an advanced option that should be used if the authorization server responds with something other thanaccess_token
. - expiresFieldNamestring
Contains the property name for the
expires_in
field in the authorization response. The default value isexpires_in
. This field is an advanced option that should be used if the authorization server responds with something other thanexpires_in
. - refreshTokenNamestring
Contains the property name for the
refresh_token
field in the authorization response. The default value isrefresh_token
. This field is an advanced option that should be used if the authorization server responds with something other thanrefresh_token
. - contentTypestring
Defines the default type of payload for requests coming into your system with this auth credential. This value is located in the header of incoming API requests. The default value is
application/x-www-form-urlencoded
. - noBasicstring
Some servers expect a basic auth header, including the client ID and secret, in the authorization request. The default behavior is to always send the basic auth header. Setting this field to
true
excludes the basic auth header from the request. - resourcestring
Identifies a specific resource that the OAuth client is requesting access to. This field isn't required but is sent in the
resource
field of the authorization request when populated. - customFieldNamestring
Defines an additional field that the OAuth client can send in the authorization request, either in the header or body. To add a custom field to the header, it must start with
headers.
, otherwise it will appear in the body. - customFieldValuestring
Contains the value of the
customFieldName
, which is sent in the authorization request. - defaultExpirationSecondsstring
Defines the number of seconds that the access token is valid, if used. This field is only used if the authorization server doesn't send an expiration value in the response.
This is an authentication strategy type that uses an OAuth client, authorization server, and system server. The OAuth client requests an access token from the authorization server. The returned access token can be used to access the system server.