Authentication

Glyue supports multiple authentication methods to facilitate calling integrations in a variety of situations.

Basic Auth

Basic Auth uses a user’s credentials (username and password) that are encoded and sent with each request. While any valid user credential will work, Glyue strongly encourages using a dedicated service account for each external service that is calling an integration.

Service accounts adhere to the principle of least privilege; they have limited abilities within the app, cannot modify integrations, and can have tightly scoped integration permissions.

OAuth 2.0 Authorization Code

OAuth 2.0 Authorization Code flows are used to provide access to Glyue integrations on behalf of a user in another system. This typically manifests as the external system redirecting to Glyue's login, which redirects back to the external system after the user logs into Glyue. Permissions are governed by the logged-in user's Glyue account.

Setting up an Authorization Code based flow has two parts: configuring within Glyue, and configuring in the external system.

Glyue Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  3. In the Redirect URIs field, enter the full redirect URI (including https://) from the external app.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Authorization Code

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Glyue's authorization endpoint: yourdomain.sandboxbanking.com/o/authorize/

    • Response type: code

  • Glyue's token endpoint: yourdomain.sandboxbanking.com/o/token/

    • Grant type: authorization_code

OAuth 2.0 Client Credentials

OAuth 2.0 Client Credential flows are used for server-to-server communication where no user is directly involved. In contrast to the Authorization Code flow, the external application itself is authorized in Glyue, rather than being authorized on behalf of a user.

For audit trail purposes, Glyue requires that a service account is associated with each Client Credential configuration. The integration permissions on this service account will govern which integrations the external app is allowed to execute.

Setting up a Client Credential based flow has two parts: configuring within Glyue, and configuring in the external system.

Glyue Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Select a service account from the User dropdown.

  3. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Client Credentials

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Access Token request details

    • Path: yourdomain.sandboxbanking.com/o/token/

    • Method: POST

    • Headers:

      • Authorization: Basic {base64(client_id:client_secret)}

      • Content-Type: application/x-www-form-urlencoded

    • Body > grant_type : client_credentials

After the external system calls Glyue with the above details, Glyue will respond with an access token (also known as a "bearer token"). Include that token in the authorization header of subsequent requests to integrations.
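The access token request and bearer header described above, sketched in Python as an added example (not code from Glyue). It builds the POST to /o/token/ and converts the reply into the header for later integration calls. Assumptions: the reply uses the standard RFC 6749 fields access_token and token_type, the token is sent as "Authorization: Bearer ...", and the environment variable names GLYUE_CLIENT_ID and GLYUE_CLIENT_SECRET are hypothetical.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, client_secret):
    """Build the POST to /o/token/ described above (nothing is sent here)."""
    if ":" in client_id:
        # A colon in the ID would make the Basic pair ambiguous for the server.
        raise ValueError("client_id must not contain ':'")
    # Basic credentials are only base64-encoded, so always use https.
    url = f"https://{domain}/o/token/"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def bearer_header(token_response):
    """Turn the token endpoint's JSON reply into the header for integration calls."""
    payload = json.loads(token_response)
    # Assumption: standard RFC 6749 reply fields (access_token, token_type).
    if payload.get("token_type", "").lower() != "bearer" or not payload.get("access_token"):
        raise ValueError("token endpoint did not return a bearer token")
    return {"Authorization": f"Bearer {payload['access_token']}"}


def fetch_bearer_header(domain):
    """Live call: credentials come from the environment, never from source code."""
    # GLYUE_CLIENT_ID / GLYUE_CLIENT_SECRET are hypothetical variable names.
    req = build_token_request(
        domain, os.environ["GLYUE_CLIENT_ID"], os.environ["GLYUE_CLIENT_SECRET"]
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return bearer_header(resp.read())
```

Only fetch_bearer_header touches the network; the other two functions can be checked offline against constructed values.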
