Authentication
Glyue supports multiple authentication methods to facilitate calling integrations in a variety of situations.
Basic Auth
Basic Auth uses a user’s credentials (username and password) that are encoded and sent with each request. While any valid user credential will work, Glyue strongly encourages using a dedicated service account for each external service that is calling an integration.
Service accounts adhere to the principle of least privilege; they have limited abilities within the app, cannot modify integrations, and can have tightly scoped integration permissions.
OAuth 2.0 Authorization Code
OAuth 2.0 Authorization Code flows are used to provide access to Glyue integrations on behalf of a user in another system. This typically manifests as the external system redirecting to Glyue's login, which redirects back to the external system after the user logs into Glyue. Permissions are governed by the logged-in user's Glyue account.
Setting up an Authorization Code based flow has two parts: configuring within Glyue, and configuring in the external system.
Glyue Setup
From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+
Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.
In the Redirect URIs field, enter the full redirect URI (including https://) from the external app.
Set Client Type to Confidential
Set Authorization Grant Type to Authorization Code
Enter the Name of the external app or 3rd party
Save
External Application Setup
Specific steps differ between applications, but they will all require the following information:
The Client ID and Client Secret from above
Glyue's authorization endpoint: yourdomain.sandboxbanking.com/o/authorize/
Response type: code
Glyue's token endpoint: yourdomain.sandboxbanking.com/o/token/
Grant type: authorization_code
OAuth 2.0 Client Credentials
OAuth 2.0 Client Credential flows are used for server-to-server communication where no user is directly involved. In contrast to the Authorization Code flow, the external application itself is authorized in Glyue, rather than being authorized on behalf of a user.
For audit trail purposes, Glyue requires that a service account is associated with each Client Credential configuration. The integration permissions on this service account will govern which integrations the external app is allowed to execute.
Setting up a Client Credential based flow has two parts: configuring within Glyue, and configuring in the external system.
Glyue Setup
From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+
Select a service account from the User dropdown.
Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.
Set Client Type to Confidential
Set Authorization Grant Type to Client Credentials
Enter the Name of the external app or 3rd party
Save
External Application Setup
Specific steps differ between applications, but they will all require the following information:
The Client ID and Client Secret from above
Access Token request details
Path: yourdomain.sandboxbanking.com/o/token/
Method: POST
Headers:
Authorization: Basic {base64(client_id:client_secret)}
Content-Type: application/x-www-form-urlencoded
Body:
grant_type: client_credentials
After the external system calls Glyue with the above details, Glyue will respond with an access token (also known as a "bearer token"). Include that token in the authorization header of subsequent requests to integrations.
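The access token request and the follow-up authorization header described above, as an added example (not Glyue's own code). The function names and sample values are hypothetical, and the `Bearer` scheme is assumed from the page's "bearer token" wording.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/o/token/"  # token endpoint path from the page


def build_token_request(base_url, client_id, client_secret):
    """Build (not send) the Client Credentials access token request."""
    parts = urllib.parse.urlsplit(base_url)
    # The Basic header is only base64-encoded, so refuse cleartext transport.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("token endpoint must be an https:// URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}{TOKEN_PATH}",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            # Full media type name for a form-encoded body.
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def bearer_headers(token_response):
    """Turn the token endpoint's JSON reply into headers for integration calls."""
    payload = json.loads(token_response)
    token = payload.get("access_token")
    if not isinstance(token, str) or not token:
        # Error replies carry no token; never send an empty credential onward.
        raise ValueError(f"no access token in response: {payload.get('error', 'unknown')}")
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    # Constructed sample values; real ones belong in a secret store or env vars.
    req = build_token_request("https://yourdomain.sandboxbanking.com", "demo-id", "demo-secret")
    print(req.get_method(), req.full_url)
    print(bearer_headers('{"access_token": "constructed-token", "token_type": "Bearer"}'))
    # A live call would be: urllib.request.urlopen(req, timeout=10).read()
```

Keep the client secret and the returned token out of logs, since either one is enough to call integrations as the associated service account.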