Authentication

Integration Gateway supports multiple authentication methods to facilitate calling integrations in a variety of situations.

Basic Auth

Basic Auth uses a user’s credentials (username and password) that are encoded and sent with each request. While any valid user credential will work, Integration Gateway strongly encourages using a dedicated service account for each external service that is calling an integration.

Service accounts adhere to the principle of least privilege; they have limited abilities within the app, cannot modify integrations, and can have tightly scoped integration permissions.

OAuth 2.0 Authorization Code

OAuth 2.0 Authorization Code flows are used to provide access to Integration Gateway integrations on behalf of a user in another system. This typically manifests as the external system redirecting to Integration Gateway's login, which redirects back to the external system after the user logs into Integration Gateway. Permissions are governed by the logged-in user's Integration Gateway account.

Setting up an Authorization Code based flow has two parts: configuring within Integration Gateway, and configuring in the external system.

Integration Gateway Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  3. In the Redirect URIs field, enter the full redirect URI (including https://) from the external app.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Authorization Code

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Integration Gateway's authorization endpoint: yourdomain.sandboxbanking.com/o/authorize/

    • Response type: code

  • Integration Gateway's token endpoint: yourdomain.sandboxbanking.com/o/token/

    • Grant type: authorization_code

OAuth 2.0 Client Credentials

OAuth 2.0 Client Credential flows are used for server-to-server communication where no user is directly involved. In contrast to the Authorization Code flow, the external application itself is authorized in Integration Gateway, rather than being authorized on behalf of a user.

For audit trail purposes, Integration Gateway requires that a service account is associated with each Client Credential configuration. The integration permissions on this service account will govern which integrations the external app is allowed to execute.

Setting up a Client Credential based flow has two parts: configuring within Integration Gateway, and configuring in the external system.

Integration Gateway Setup

  1. From the admin page, find the OAuth2.0 section. Click on Applications, then Add Application+

  2. Select a service account from the User dropdown.

  3. Save the generated Client ID (top of page) and Client secret (toward bottom) in a secure location. After this step, these values will not be visible again.

  4. Set Client Type to Confidential

  5. Set Authorization Grant Type to Client Credentials

  6. Enter the Name of the external app or 3rd party

  7. Save

External Application Setup

Specific steps differ between applications, but they will all require the following information:

  • The Client ID and Client Secret from above

  • Access Token request details

    • Path: yourdomain.sandboxbanking.com/o/token/

    • Method: POST

    • Headers:

      • Authorization: Basic {base64(client_id:client_secret)}

      • Content-Type: application/x-www-form-urlencoded

    • Body > grant_type : client_credentials

After the external system calls Integration Gateway with the above details, Integration Gateway will respond with an access token (also known as a "bearer token"). Include that token in the authorization header of subsequent requests to integrations.
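The token request described above, as an added Python example (not Integration Gateway's own code). The host is the page's placeholder, the function names are hypothetical, and the response fields (access_token, token_type, expires_in, error) are assumed to follow the standard RFC 6749 JSON shape, which the page does not spell out.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder host from the page; replace with your own domain.
TOKEN_URL = "https://yourdomain.sandboxbanking.com/o/token/"


def build_token_request(client_id, client_secret, token_url=TOKEN_URL):
    """Build (but do not send) the client-credentials token request."""
    if not token_url.startswith("https://"):
        # The Basic header carries the client secret; never send it in cleartext.
        raise ValueError("token endpoint must use https")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw, now=None):
    """Validate the JSON token response; return (bearer_header, expires_at)."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"token request rejected: {doc['error']}")
    # Assumed RFC 6749 fields; reject anything that is not a bearer token.
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    expires_at = now + int(doc.get("expires_in", 0))
    return {"Authorization": f"Bearer {doc['access_token']}"}, expires_at


def fetch_bearer_header(client_id, client_secret):
    """Send the request; load the secret from a vault or environment, not source."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

The returned header dict is what gets attached to subsequent integration calls; tracking expires_at lets the caller request a fresh token before the old one lapses instead of retrying on a rejected request.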
