Configuring REST API Connectors – OAuth 1.0a

Studio provides you with several Connectors like Databases like MySQL, and Microsoft SQL, Third-party connectors like Slack, Trello, Stripe, etc. You can also connect to different APIs using their respective authentication methods. There are different methods of API authentication, using the API Key, using basic Auth which is using the username and password, using OAuth which is a standard for accessing user permissions without a password, the AWS authentication method, multistep authentication method, OAuth Client Credentials, Digest Authentication, Hawk Authentication and OAuth 1.0a.

The OAuth 1.0a is a legacy authentication method. The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

Configuring the third-party API connector

To add third-party connectors, under Studio > Connectors, click (+) Connector.


Studio has different options including the use of the REST API that allows you to easily connect to the Third-Party API and database and access important systems. It has a feature of OAuth 1.0a.

Configure API category

Use the OAuth 1.0a authentication type

When configuring the APIs, you need to provide the Authentication details for the respective authentication method. Let us see how to configure an API using the OAuth 1.0a method.

Once you select the REST API, enter the Connector name which should ideally be self-explanatory.

In the Authentication, section select OAuth 1.0a.

Configure account-specific fields

  • Enter the application credentials: You need to configure the application credentials. Simply copy the Client Id /Consumer Key and Client /consumer Secret from the app’s API or from the developer’s setting and paste them in the connector configuration.

  • Signature Method: There is a need to sign all tokens and protected resources by the customer and service providers to prevent unauthorized parties to use the consumer key or token when making the token request. The signature process encodes the consumer secret and token secret into a verifiable value which is included in the request.
    There are three different signature methods provided in the studio:

    • HMAC-SHA1: uses the signature algorithm where the Signature Base String is the text and the key is the concatenated values of the Consumer Secret and Token Secret, separated by an ‘&’ character (ASCII code 38) even if empty.
    • HMAC-SHA256: uses the signature algorithm that is created from the SHA-256 hash function.
    • Plain: method does not provide any security protection and should only be used over a secure channel such as HTTPS.
  • Configure test API for your connector: Add a simple API endpoint to test the user environment. DronaHQ includes data from your input form in the URL Params by default; click Advanced to customize the API call if your API expects them in the header instead

Once filled in the details, click Test Connection . Once the authentication is successful it will show the message and now you can save your connection.

Add API to configure

Now that you have configured the API category and added accounts you now need to add the API for configuration. Under Studio > Connectors you can see your connector is added. To add this API, click Add API.

Now Add the Connector API name and the API endpoint with the required parameters and test your API.

Managing Environment

You can select the Manage Environment option from the edit button of the configured connector. Here you can manage different environments such as production, staging, development, test environment, and others, of a single account by adding different credentials and other details corresponding to different environments.

Select either the environments which you haven’t configured yet, by clicking on configure or click on the configured environments to make further changes and edits.
You will see that the environments which are yet to be configured already have auto-populated details from the production environment including the consumer key, consumer secret, access token, token secret, and base URL of your endpoint API. You can make changes from a single place and these changes will reflect on your respective environments.