Credential endpoints allow you to manage custom authentication strategies for your organization's destinations. Destinations are the endpoints in your system that receive data from Redox.
You may choose custom authentication for your destinations if you want more secure authentication credentials for any data coming into your system.
With this set of Platform API endpoints, you can:
- retrieve a list of existing auth credentials for an environment;
- retrieve one auth credential by its ID;
- retrieve a list of supported auth strategies;
- create a new auth credential;
- update an existing auth credential; or
- delete an existing auth credential.
Update auth credential
Update field values of an existing auth credential.
The response contains the auth credential with the new values. The payload doesn't include any secret values. Instead, secrets are replaced with boolean fields that indicate whether a secret value exists with a true or false value. The field name has the format of has<PropertyName>.
cURL request example
Path Parameters
- idrequired, string
Displays the unique identifier of the auth credential.
Request Body Schema
- grantTyperequired, stringValue:
client_credentials
- urlrequired, string
Enter the URL where the client requests an access token. It’s usually provided by the authorization server and varies by auth strategy. Redox passes credentials to this URL for auth strategies other than OAuth. For SAML/SOAP auth, this may not be used.
- grantTypeNamestring
Enter the parameter name used to specify the grant type in the access token request body (e.g., grant_type or grantType).
- clientIdNamestring
Enter the key name for sending the client ID in a token request (e.g., client_id or clientId).
- clientSecretNamestring
Enter the key name for sending the client secret in a token request (e.g., client_secret or clientSecret).
- refreshTokenNamestring
Specify the name used to pass a refresh token when requesting a new access token (e.g., refresh_token or refreshToken).
- clientIdstring
Provide the unique identifier assigned to a client application by the authorization server. This identifies which application is making the authentication request.
- clientSecretstring
Provide the confidential key for authenticating the client application. It’s like a password for the app, which is required in cases where the client must prove its identity.
- accessTokenNamestring
Specify the name used to pass the access token in the API request (e.g., access_token or accessToken). It’s typically included in the request header.
- expiresFieldNamestring
Define the name of the field that specifies an access token expires (e.g., expires or expires_in). This is used to track when the access token will no longer be valid to make API requests.
- refreshGrantTypestring
Specify the grant type used for refreshing an expired token (e.g., refresh_token or refresh).
- audiencestring
Specify the intended recipient of the access token. This is typically the URI of the resource server.
- scopesstring
Define what permissions the application is requesting from the user. In some cases, scopes limit access to specific resources or actions.
- contentTypestring
Indicate the format of the request body (e.g., application/x-www-form-urlencoded or application/json).
- noBasicstring
Set to true to suppress sending the auth object in OAuth requests
- resourcestring
Enter the URI that represents the resource the client is trying to access. In some cases, it defines the target for access token issuance.
- customFieldNamestring
Define the name of the custom parameter that may be required by a specific implementation.
- customFieldValuestring
Specify the value for the custom parameter, which may be required by a specific implementation. Some APIs or systems may require additional fields in the access token request.
- defaultExpirationSecondsstring
Define the default duration (in seconds) that an access token remains valid before it needs to be refreshed or reissued.
- basicNoFormboolean
If enabled, the client_id and client_secret will not be included in the form data, only grant_type
This is an authentication strategy type that uses an OAuth client, authorization server, and system server. The OAuth client requests an access token from the authorization server. The returned access token can be used to access the system server.
- metaobject
- versionstring
Lists the major and minor version number for the format of the returned payload. The payload format or shape may change between minor versions, like including additional or extended fields in later versions. We include the version data in each response so that you have the option to handle the signaled differences.
- payload
- grantTyperequired, stringValue:
client_credentials
- urlrequired, string
Enter the URL where the client requests an access token. It’s usually provided by the authorization server and varies by auth strategy. Redox passes credentials to this URL for auth strategies other than OAuth. For SAML/SOAP auth, this may not be used.
- grantTypeNamestring
Enter the parameter name used to specify the grant type in the access token request body (e.g., grant_type or grantType).
- clientIdNamestring
Enter the key name for sending the client ID in a token request (e.g., client_id or clientId).
- clientSecretNamestring
Enter the key name for sending the client secret in a token request (e.g., client_secret or clientSecret).
- refreshTokenNamestring
Specify the name used to pass a refresh token when requesting a new access token (e.g., refresh_token or refreshToken).
- clientIdstring
Provide the unique identifier assigned to a client application by the authorization server. This identifies which application is making the authentication request.
- clientSecretstring
Provide the confidential key for authenticating the client application. It’s like a password for the app, which is required in cases where the client must prove its identity.
- accessTokenNamestring
Specify the name used to pass the access token in the API request (e.g., access_token or accessToken). It’s typically included in the request header.
- expiresFieldNamestring
Define the name of the field that specifies an access token expires (e.g., expires or expires_in). This is used to track when the access token will no longer be valid to make API requests.
- refreshGrantTypestring
Specify the grant type used for refreshing an expired token (e.g., refresh_token or refresh).
- audiencestring
Specify the intended recipient of the access token. This is typically the URI of the resource server.
- scopesstring
Define what permissions the application is requesting from the user. In some cases, scopes limit access to specific resources or actions.
- contentTypestring
Indicate the format of the request body (e.g., application/x-www-form-urlencoded or application/json).
- noBasicstring
Set to true to suppress sending the auth object in OAuth requests
- resourcestring
Enter the URI that represents the resource the client is trying to access. In some cases, it defines the target for access token issuance.
- customFieldNamestring
Define the name of the custom parameter that may be required by a specific implementation.
- customFieldValuestring
Specify the value for the custom parameter, which may be required by a specific implementation. Some APIs or systems may require additional fields in the access token request.
- defaultExpirationSecondsstring
Define the default duration (in seconds) that an access token remains valid before it needs to be refreshed or reissued.
- basicNoFormboolean
If enabled, the client_id and client_secret will not be included in the form data, only grant_type
This is an authentication strategy type that uses an OAuth client, authorization server, and system server. The OAuth client requests an access token from the authorization server. The returned access token can be used to access the system server.