Glyue User Docs
  • What is Glyue?
  • Tutorials
    • Start Here
    • Building a Single-Step Integration
      • 1. Creating the Integration
      • 2. Calling the External System
      • 3. Running the Integration
      • 4. Crafting the Output
    • Building a Multi-System Integration
      • 1. Connecting to the Core
      • 2. Field Mapping
      • 3. Running the Integration
    • Building an Event-Driven Integration
      • 1. Setting up the Mock CRM
      • 2. Receiving Inbound Requests
      • 3. Triggering the Integration from the CRM
    • Building an Email Integration
      • 1. Create and Configure the Integration
      • 2. Input Validation
      • 3. Get Story IDs from Hacker News
      • 4. Get Story Content
      • 5. Sending the Email
      • 6. Wrapping Up
      • 7. Extra credit
        • extra_credit.json
    • Building a RESTful CRUD Web Service
      • 1. Integration Setup
      • 2. Vault Setup
      • 3. Create Web Service Endpoints
      • 4. Execute Web Service Endpoints with Vault Methods
      • 5. Vault Code Examples and Explanation
    • Building a Retrieval API against FIS CodeConnect
      • 1. Integration Setup
      • 2. Service Request Setup
      • 3. Field Mapping Setup
      • 4. Integration and Service Request Hook Setup
      • 5. Testing the Integration
      • 6. Common Errors
    • What is Pre-Mapping?
      • Before you start
      • Bookmarks
      • Source and Targets
      • Field Mapping Status
      • Field Mapping Comments
      • Summary
  • How-To Guides
    • How to Run an Integration from Glyue
    • How to Invite New Users
    • How to Create a Value Mapping Set
    • How to Build and Deploy a Custom Frontend
    • How to Migrate an Integration
    • How to Set Up Single Sign On (SSO)
      • Glyue Setup
      • JumpCloud Setup
      • Azure Setup
      • Okta Setup
      • Glyue SAML Config Reference
    • How to Install the Glyue App for Zoom Contact Center
    • How to use the Vault
  • Reference
    • Integration Builder Page
    • Integration Anatomy
    • Integration Components
      • Integration
      • Service Request
      • Field Mapping
      • Value Mapping Set
      • Value Mapping
      • Validation Rule
      • Mask
      • Integration Config
      • Integration Engine Versions
    • Integration Lifecycle
    • Special Functions
      • add_run_label
      • callint
      • debug
      • end
      • get_namespace
      • humanize
      • import_helper
      • keep
      • list_files
      • map_value
      • open_glyuefile
      • open_vault
      • Data Manipulation Utilities
      • calladapter
    • Special Variables
      • __adapter_config__
      • input
      • parentint
      • retvalue
      • run_history_id
      • Iterables
        • fitem/fidx
        • sritem/sridx
        • vritem/vridx/vrmsg
    • Adapters
      • Generic HTTP Adapter
      • Email SMTP Adapter
    • Web Service Endpoints
    • Vault Reference
  • Glyue Platform Reference
    • Banking Core Connectivity Guide
    • Authentication
    • Permissions
      • Service Accounts
      • Organizations
    • Frontends
    • Idempotency Layer
    • Integration Scheduler
    • Governance Reports
    • Arbitrary Integration Request Content Support
    • Admin Components
    • Logging
  • ETL
    • Glyue ETL Overview
    • Data Connectors
    • Workflows
    • Run History
    • Scheduler
Powered by GitBook
On this page
  • Basic Auth
  • OAuth 2.0 Authorization Code
  • OAuth 2.0 Client Credentials

Was this helpful?

  1. Glyue Platform Reference

Authentication

PreviousBanking Core Connectivity GuideNextPermissions

Last updated 8 months ago

Was this helpful?

Glyue supports multiple authentication methods to facilitate calling integrations in a variety of situations.

Basic Auth

Basic Auth uses a user’s credentials (username and password) that are encoded and sent with each request. While any valid user credential will work, Glyue strongly encourages using a dedicated for each external service that is calling an integration.

Service accounts adhere to the principle of least privilege; they have limited abilities within the app, cannot modify integrations, and can have tightly scoped .

OAuth 2.0 Authorization Code

OAuth 2.0 Authorization Code flows are used to provide access to Glyue integrations on behalf of a user in another system. This typically manifests as the external system redirecting to Glyue's login, which redirects back to the external system after the user logs into Glyue. Permissions are governed by the logged-in user's Glyue account.

Setting up an Authorization Code based flow has two parts: configuring within Glyue, and configuring in the external system.

Glyue Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  3. In the Redirect URIs field, enter the full redirect URI (including https://) from the external app.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Authorization Code

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Glyue's authorization endpoint: yourdomain.sandboxbanking.com/o/authorize/

    • Response type: code

  • Glyue's token endpoint: yourdomain.sandboxbanking.com/o/token/

    • Grant type: authorization_code

OAuth 2.0 Client Credentials

OAuth 2.0 Client Credential flows are used for server-to-server communication where no user is directly involved. In contrast to the Authorization Code flow, the external application itself is authorized in Glyue, rather than being authorization on behalf of a user.

Setting up an Client Credential based flow has two parts: configuring within Glyue, and configuring in the external system.

Glyue Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Select a service account from the User dropdown.

  3. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Client Credentials

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Access Token request details

    • Path: yourdomain.sandboxbanking.com/o/token/

    • Method: POST

    • Headers:

      • Authorization: Basic {base64(client_id:client_secret)}

      • Content-Type: x-www-form-urlencoded

    • Body > grant_type : client_credentials

After the external system calls Glyue with the above details, Glyue will respond with an access token (also known as a "bearer token"). Include that token in the authorization header of subsequent requests to integrations.

For audit trail purposes, Glyue requires that a service account is associated with each Client Credential configuration. The on this service account will govern which integrations the external app is allowed to execute.

service account
Basic Auth (username / password)
OAuth 2.0 Authorization Code
OAuth 2.0 Client Credentials
integration permissions
integration permissions