Introduction to Authentication in the API app
Authentication is proving that you are who you say you are; authorization is deciding whether you are allowed to access a particular resource. Whether you are consuming a REST API or building your own, security has to be considered from the start. Firecamp's dedicated Auths tab in the request panel lets you reproduce the auth configuration of your own API or of a third-party API.
For example, if you have a RESTful API for an online store, anonymous users must not be able to DELETE products from the catalog, but it is fine for them to GET a product catalog entry. For the store owner, both requests are legitimate. The API can only tell these cases apart if it knows who is calling, so authentication is critical.
Some of the popular authentication methods are as follows:
OAuth 2.0 first obtains an access token for the API, then presents that token to authenticate subsequent requests. How the token is obtained differs considerably between third-party API providers, but it usually involves a few requests back and forth between the client application, the user (who grants consent) and the API's authorization server.
Digest authentication is a challenge-response scheme: the server answers the first request with a 401 and a WWW-Authenticate header containing a nonce, and the client replies with a hash computed over the username, realm, password, nonce, HTTP method and URI rather than sending the password itself. Firecamp handles this exchange for you: it sends the request, receives the challenge, computes the digest from the credentials you entered and resends the request with the Authorization header. Because the nonce changes per challenge, a captured response cannot simply be replayed, and the password never travels on the wire. Digest does not, however, encrypt the request (and the common variant is MD5-based), so it confirms identity but is not a substitute for TLS.
Bearer tokens are access credentials that authenticate a request simply by being presented: whoever holds the token can use it, hence the name. These text-string tokens, such as a JSON Web Token (JWT) or an API key value, go in the Token field, and Firecamp sends them in the Authorization header with the Bearer scheme. Because possession is all that is needed, only send them over HTTPS and, for added safety, store the value in a variable and reference it by the variable name rather than pasting it into the request.
Basic authentication: Firecamp sends the username and password you entered, joined with a colon and base64-encoded, in the Authorization header of the request. Base64 is an encoding, not encryption, so anyone who can read the request can recover the password; use Basic only over HTTPS.
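The following is an added example illustrating the Digest and Basic descriptions above; it is not Firecamp's code. It builds a Basic header and decodes it again to show that base64 reveals the password, then implements both sides of the Digest exchange (RFC 7616 with algorithm=MD5 and qop=auth) so the password never leaves the client and a replayed response is rejected. The username, password, realm, URI and client nonce are constructed sample values, and the server is simplified to accept each nonce exactly once (the RFC allows reuse with an increasing nc counter).

```python
import base64
import hashlib
import secrets


# ---------- Basic (RFC 7617): credentials are encoded, not encrypted ----------
def basic_header(username, password):
    """Authorization header value a client sends for Basic auth."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def decode_basic(header):
    """What anyone who sees the header on the wire gets back: base64 is reversible."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pwd = base64.b64decode(encoded).decode().partition(":")
    return user, pwd


# ---------- Digest (RFC 7616, MD5, qop=auth): password stays on the client ----------
def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    """Client side: the response= value of the Authorization: Digest header.
    HA1 binds the password to the realm, HA2 binds the method and URI, and the
    server nonce plus client nonce make every response unique."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Minimal server side. Simplification: each issued nonce is valid for one request."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> password; a real server stores HA1 instead
        self.live_nonces = set()

    def challenge(self):
        """Parameters carried in the WWW-Authenticate: Digest header of the 401."""
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return {"realm": self.realm, "nonce": nonce, "qop": "auth", "algorithm": "MD5"}

    def verify(self, username, nonce, method, uri, nc, cnonce, response):
        """Recompute the expected digest and compare it in constant time."""
        if nonce not in self.live_nonces or username not in self.users:
            return False
        expected = digest_response(username, self.users[username], self.realm,
                                   nonce, method, uri, nc, cnonce)
        ok = secrets.compare_digest(expected, response)
        if ok:
            self.live_nonces.discard(nonce)   # consume it: a captured response cannot be replayed
        return ok


if __name__ == "__main__":
    hdr = basic_header("alice", "s3cr3t")      # constructed sample credentials
    print(hdr, "->", decode_basic(hdr))        # the password is right there

    server = DigestServer("store.example", {"alice": "s3cr3t"})
    ch = server.challenge()
    resp = digest_response("alice", "s3cr3t", ch["realm"], ch["nonce"],
                           "GET", "/products/42", "00000001", "0a4f113b")
    args = ("alice", ch["nonce"], "GET", "/products/42", "00000001", "0a4f113b", resp)
    print("first use accepted:", server.verify(*args))
    print("replay accepted:   ", server.verify(*args))
```

Note that the digest is bound to the method as well as the URI: a response captured from a GET cannot be reused to authorize a DELETE on the same path, which is exactly the store-owner versus anonymous-user distinction from the introduction.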
AWS is the authorization workflow for Amazon Web Services requests. AWS uses a custom HTTP scheme based on a keyed HMAC (hash-based message authentication code): the request is signed with a key derived from your secret access key, so the secret itself is never sent over the wire and a tampered request fails verification. Refer to the AWS documentation on Signature Version 4 for the details.
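As an added example (not Firecamp's or AWS's code), here is the AWS Signature Version 4 keyed-HMAC scheme written out step by step: canonicalise the request, hash it into a string to sign, derive a scoped signing key from the secret, and emit the Authorization header. The access key and secret are the placeholder values AWS uses in its own documentation; the request URL, region, service and timestamp are constructed for the example.

```python
import hashlib
import hmac
import urllib.parse


def _sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _hmac_sha256(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_sign(method, url, region, service, access_key, secret_key,
               amz_date, payload=b"", extra_headers=None):
    """Return the headers to add to the request, including Authorization.
    amz_date is the UTC request time in YYYYMMDDTHHMMSSZ form."""
    parts = urllib.parse.urlsplit(url)
    headers = {"host": parts.netloc, "x-amz-date": amz_date}
    for name, value in (extra_headers or {}).items():
        headers[name.lower()] = " ".join(value.split())   # SigV4 trims and collapses spaces

    # Step 1: canonical request. Query parameters and headers are sorted so
    # client and server serialise the request identically before hashing it.
    canonical_uri = urllib.parse.quote(parts.path or "/", safe="/")
    query = sorted(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    canonical_query = "&".join(
        urllib.parse.quote(k, safe="-_.~") + "=" + urllib.parse.quote(v, safe="-_.~")
        for k, v in query)
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    canonical_request = "\n".join([method, canonical_uri, canonical_query,
                                   canonical_headers, signed_headers, _sha256_hex(payload)])

    # Step 2: string to sign, scoped to one day, region and service.
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(canonical_request.encode())])

    # Step 3: derive the signing key. The long-term secret is only ever an HMAC
    # key input; it is never transmitted, and the derived key is scoped as well.
    k_date = _hmac_sha256(("AWS4" + secret_key).encode(), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    k_signing = _hmac_sha256(k_service, "aws4_request")

    # Step 4: sign the string and assemble the Authorization header.
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()
    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    out = {"Host": parts.netloc, "X-Amz-Date": amz_date, "Authorization": authorization}
    out.update(extra_headers or {})
    return out


if __name__ == "__main__":
    # Placeholder credentials from the AWS documentation; request constructed here.
    signed = sigv4_sign("GET", "https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08",
                        "us-east-1", "iam", "AKIDEXAMPLE",
                        "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "20150830T123600Z")
    for name, value in signed.items():
        print(f"{name}: {value}")
```

Because the method, path, query, signed headers and payload hash are all inside the signed material, changing any of them (or replaying the request on another day, since the date is part of the key derivation) produces a different signature that the service will reject.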
OAuth 1.0 allows a client application to access data held by a third-party API on a user's behalf without the user handing over their login details to that application. Obtaining that access usually takes a few signed requests between the client application, the user and the service provider. The flow is called "two-legged" when only the client and the server are involved, and "three-legged" when the client requests a user's data from a third-party service and the user must authorize it.
No Auth is the default option in Firecamp. If you don't need Firecamp to send any authorization details with your request, select No Auth from the Auth tab dropdown list.
NTLM (Under Development)
You can choose the authentication type you need by navigating to the Auths tab in the request panel of the API app and selecting the method from the dropdown list. You can also pick one from the Quick auth type selection menu.