Configuring REST API connector – OAuth V2 – PKCE

Studio provides several connectors: database connectors such as MySQL and Microsoft SQL Server, and third-party connectors such as Slack, Trello, and Stripe. Each API is connected using its own authentication method. The supported methods are API key, Basic Auth (username and password), OAuth (a standard that grants an application delegated access to a user's resources without handing over the user's password), AWS authentication, multistep authentication, and OAuth V2 with PKCE.

OAuth V2 – PKCE (Proof Key for Code Exchange, RFC 7636) is an extension of the OAuth 2.0 Authorization Code grant. The client binds the authorization code to a one-time secret (the code verifier) that it proves possession of when redeeming the code, which defeats authorization code interception and injection attacks and, together with the state parameter, CSRF on the redirect. This lets public or untrusted clients, which cannot keep a client secret, use the Authorization Code flow safely.

Configuring the third-party API connector

To add third-party connectors, under Studio > Connectors, click (+) Connector.


Among these options is the REST API connector, which lets you connect to third-party APIs and databases and access important systems. It supports OAuth V2 – PKCE as an authentication type.

Configure API category

Use the OAuth V2 – PKCE authentication type if your API supports the OAuth 2.0 "Authorization Code" grant. When a user sets up the connection, their browser is redirected to your authorization endpoint, where you authenticate them and obtain their consent. Your OAuth implementation then issues an access token that the DronaHQ integration uses to authorize requests to your API.
When configuring an API, you provide the authentication details required by the chosen method. The steps below configure an API using the OAuth V2 – PKCE method.
After selecting REST API, enter a Connector name; ideally one that is self-explanatory.
In the Authentication section, select OAuth V2 – PKCE.

Configure account-specific fields

  • Copy the OAuth redirect URL: Copy the URL shown in this step. You will register it in the developer portal of the service, on the client application that receives the OAuth 2.0 credentials. Once you have created the client app in the service, paste this URL into the field usually labelled OAuth 2.0 redirect URI. Register it exactly as shown: most authorization servers compare the redirect URI byte for byte and refuse the request on any mismatch, including a trailing slash or a different scheme. Add any additional permissions the application needs. Some services also require the redirect URL in an allowed origins section.

  • Enter the application credentials: Copy the Client ID from the app's API settings or the developer settings and paste it into the connector configuration. PKCE is designed for public clients, so the flow does not rely on a client secret; the code verifier described next takes its place.

  • Code Challenge Method: The code challenge is a transformation of the code verifier, a random string the connector generates for each authorization request. This field states which transformation is used. Two methods are defined:

    • SHA – 256 (S256): The code challenge is the base64url encoding (without padding) of the SHA-256 hash of the code verifier. Use this whenever the authorization server supports it; the challenge sent through the browser reveals nothing about the verifier.
    • Plain: No transformation; the code challenge equals the code verifier. This only exists for servers that cannot compute SHA-256, and an attacker who sees the authorization request sees the verifier itself. Prefer S256.
  • Authorization Request: Specifies where users are sent to authenticate with your API. The developer portal lists the authorization URL; copy it into the Authorize URL field. Usually no further settings are required, but some APIs need customization of parameters such as response_type and client_id. These are under the Advanced options of the configuration.

  • Scope: If you want to limit Studio’s access to your app data, define the OAuth scopes with a comma or space-separated list of values.

  • Access Token Request: Specifies the token endpoint URL to which Studio sends the authorization code, together with the code verifier that matches the challenge from the authorization request. The request is a POST, and the response carries the access_token.

  • Refresh token request: Enter the API endpoint URL from which Studio can request a new access token when an API call returns a 401 status.

  • Configure test API for your connector: Add a simple API endpoint used to test the user's credentials. DronaHQ places data from your input form in the URL parameters by default; click Advanced to customize the call if your API expects them in a header instead.
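The following is an added example, not part of the original page or DronaHQ's own code, showing what the Code Challenge Method and Access Token Request fields above mean in practice: the client generates a code verifier, derives the S256 challenge for the authorization request, and later sends the verifier in the token request; the authorization server recomputes the challenge and rejects a mismatch. The URLs and client ID are placeholders; the known verifier/challenge pair is the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholder values (assumed, not from any real service).
AUTHORIZE_URL = "https://auth.example.com/oauth2/authorize"
TOKEN_URL = "https://auth.example.com/oauth2/token"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://studio.example.com/oauth/callback"


def _b64url(data: bytes) -> str:
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    # RFC 7636 section 4.1: 43..128 unreserved chars; 32 random bytes -> 43 chars
    return _b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str, method: str = "S256") -> str:
    # S256: base64url(SHA-256(verifier)); plain: the verifier itself
    if method == "S256":
        return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method: {method}")


def build_authorize_url(verifier: str, scope: str, state: str, method: str = "S256") -> str:
    # What the browser is redirected to; only the challenge travels here, never the verifier.
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": make_code_challenge(verifier, method),
        "code_challenge_method": method,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def build_token_request(code: str, verifier: str) -> dict:
    # The POST to the Access Token Request endpoint: code plus the original verifier,
    # and no client_secret because this is a public client.
    return {
        "url": TOKEN_URL,
        "method": "POST",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID,
            "code_verifier": verifier,
        }),
    }


def server_verifies(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    # Authorization server side (RFC 7636 section 4.6): recompute the challenge from the
    # verifier presented at the token endpoint and compare in constant time.
    expected = make_code_challenge(presented_verifier, stored_method)
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    v = make_code_verifier()
    st = _b64url(secrets.token_bytes(16))  # state: CSRF binding for the redirect
    print(build_authorize_url(v, "read:profile", st))
    print(build_token_request("constructed-auth-code", v)["body"])
    print("server accepts:", server_verifies(make_code_challenge(v), "S256", v))
    print("server rejects tampered verifier:", not server_verifies(make_code_challenge(v), "S256", v + "x"))
```

The server-side check is why S256 matters: an attacker who observes the authorization request sees only the challenge and cannot produce the verifier needed at the token endpoint, whereas with the plain method the observed challenge is the verifier.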
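As a second added example (again not code from the page or from DronaHQ), this shows the behaviour the Refresh token request field above describes, and the caveat a practitioner wants: refresh at most once on a 401 and then surface the failure, rather than looping on a token the server keeps rejecting. The transport and API are constructed stand-ins; the function names are assumptions.

```python
from typing import Callable, Dict, Tuple

Response = Tuple[int, Dict]


class AuthFailure(Exception):
    """Raised when a call still returns 401 after one refresh attempt."""


def call_with_refresh(request: Callable[[str], Response],
                      refresh: Callable[[], str],
                      token: str) -> Tuple[int, Dict, str]:
    # request(token) performs the API call; refresh() hits the refresh endpoint
    # and returns a new access token. Returns (status, body, token_in_use).
    status, body = request(token)
    if status != 401:
        return status, body, token
    new_token = refresh()           # exactly one refresh attempt
    status, body = request(new_token)
    if status == 401:
        # A second 401 means the refresh did not help (revoked grant, wrong
        # refresh endpoint, expired refresh token): re-authorize instead of looping.
        raise AuthFailure("still 401 after refresh: re-authorize the connection")
    return status, body, new_token


class FakeApi:
    """Constructed stand-in for an API that accepts only its current token."""

    def __init__(self) -> None:
        self.valid = "tok-1"
        self.refresh_calls = 0

    def request(self, token: str) -> Response:
        if token == self.valid:
            return 200, {"ok": True}
        return 401, {"error": "invalid_token"}

    def refresh(self) -> str:
        # Each refresh rotates the valid token, as many providers do.
        self.refresh_calls += 1
        self.valid = f"tok-{self.refresh_calls + 1}"
        return self.valid


if __name__ == "__main__":
    api = FakeApi()
    print(call_with_refresh(api.request, api.refresh, "tok-1"))      # no refresh needed
    print(call_with_refresh(api.request, api.refresh, "stale"))      # one refresh, then 200
    try:
        call_with_refresh(api.request, lambda: "garbage", "stale")   # refresh yields a bad token
    except AuthFailure as e:
        print("auth failure:", e)
```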

Once you have filled in the details, click Test Connection. A consent dialog opens in which the user signs in and grants the requested scopes.

When authentication succeeds, a confirmation message is shown and you can save the connection.

Add API

You can now add APIs based on the connector configuration. Under Studio > Connectors you will see the new connector. To add an API for a specific endpoint, click Add API.

Enter the connector API name and the API endpoint with its required parameters, then test the API.

Managing environment

Select Manage Environment from the edit button of the configured connector. Here you can manage different environments of a single account, such as production, staging, development, and test, by adding the credentials and other details that correspond to each environment.

Click Configure on an environment you have not configured yet, or click an already configured environment to make further changes.
Environments that are yet to be configured are pre-populated with details including the client ID and scope. You can edit everything from this single place, and the changes apply to the respective environments.

Once done, click on Save.