API authentication can be done in various ways, but all of them have the same goal: to protect and manage the API's consumers. In this article, we'll show some API security concepts that apply when consuming an API.
For the majority of APIs, the authentication data is sent via headers. As in a message, they represent the header of your request. That's where you should send your credentials to the API for validation.
The first step of authentication is to understand which type the API uses, which is usually found in its documentation. The authentication types are Basic, Bearer, Token and OAuth; in some cases the authentication can be sent via the query string (?token=123) or even in the request body. In LinkApi, we have all of these types encapsulated and ready to configure. Check more info in Creating a Private App.
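To make these credential placements concrete, this added example (not LinkApi code) shows where Basic, Bearer, a token header, a query-string token and a body token end up in a request, and masks them before the request is logged, since a query-string token is part of the URL. The function names, the api.example.test host and the list of sensitive key names are assumptions; Node.js is assumed for Buffer and URL.

```javascript
// Added example: where each authentication type puts the credential.
// applyAuth, redactForLog and all sample values are constructed for illustration.
function applyAuth(request, auth) {
  // Work on a copy so the caller's request object is not mutated.
  const req = {
    method: request.method,
    url: new URL(request.url),
    headers: { ...request.headers },
    body: request.body ? { ...request.body } : undefined,
  };
  switch (auth.type) {
    case 'basic': {
      // base64("user:password") is an encoding, not encryption: it needs TLS.
      const raw = `${auth.username}:${auth.password}`;
      req.headers.Authorization = 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
      break;
    }
    case 'bearer':
      req.headers.Authorization = `Bearer ${auth.token}`;
      break;
    case 'header-token': // custom header; its name comes from the API's documentation
      req.headers[auth.name] = auth.token;
      break;
    case 'query': // ends up in the URL, so it can appear wherever URLs are recorded
      req.url.searchParams.set(auth.name, auth.token);
      break;
    case 'body':
      req.body = { ...(req.body || {}), [auth.name]: auth.token };
      break;
    default:
      throw new Error(`Unsupported auth type: ${auth.type}`);
  }
  return { ...req, url: req.url.toString() };
}

// Assumed list of key names that carry credentials; extend it per API.
const SENSITIVE = /^(authorization|x-api-key|token|api_key|access_token)$/i;

// Returns a copy of the request that is safe to write to a log.
function redactForLog(req) {
  const url = new URL(req.url);
  for (const key of [...url.searchParams.keys()]) {
    if (SENSITIVE.test(key)) url.searchParams.set(key, 'REDACTED');
  }
  const mask = (obj) => obj && Object.fromEntries(
    Object.entries(obj).map(([k, v]) => [k, SENSITIVE.test(k) ? 'REDACTED' : v]));
  return { method: req.method, url: url.toString(), headers: mask(req.headers), body: mask(req.body) };
}
```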
Inside LinkApi, you can create Tenants to segregate credentials or triggers. If you have different authentications for the same platforms, we strongly recommend using Tenants. Click the Capybara icon on the top right and select Tenants to create a new one.
On the menu, you can easily change the selected Tenant.
Click on the Capybara icon and select Credentials with the desired Tenant selected.
Each credential is related to a Tenant and an App, so you don't mix them up.
Once your credentials are set inside LinkApi, we'll prioritize them inside our engine. That means that any trigger or API consumption running through a certain Tenant will use the registered credentials.
While consuming a Private or Pre-Built App, you can test whether your credentials are valid and see the data an endpoint returns or how it behaves in an error scenario. When you access an App inside the Packages and go to Resources, the message “You can add auth params for test” will be shown. When you click it, a form with the fields needed for the authentication will be presented. Once you fill them in and confirm, all the tests for Resources will use this authentication.
The credential used for testing will not be saved for the Tenant; it'll only be used for testing while building the App.
An Automation or API project can run without registered Tenant credentials. When there's no specific credential for the selected platform, the credential for tests while building the App will be used.
If you don't have any Credentials registered in your Tenant while building your project, clicking Run ▶ in the Code Builder will prompt you to input Credentials for the Apps selected as Dependency in that project. Those credentials will be saved inside the Credentials page for your Tenant.
You can edit them anytime on the side menu, in Manage > Credentials.