Configuration for No / Custom Authentication
When you select No / Custom Authentication as the Authentication Method in the Configuration tab, Web Services aggregates the authentication details for all other endpoints.
In custom authentication, the Web Services application doesn't authenticate requests and doesn't add any authorization to the HTTP header. To accomplish this, the REST application requires a new token to authenticate the request from the Authentication Server.
Perform the following configurations:
-
Set the Authentication Method as No / Custom Authentication.
Important
If an endpoint doesn't require authentication at all, you only need to select No / Custom Authentication. Continue to the following steps to set up custom authentication. -
In the Connector Operations settings, select Add Operation.
-
Set the endpoint Operation to Custom Authentication, and select the Edit icon () in the Actions column.
-
Configure the following for endpoints:
-
Authentication URL – From the endpoint details page, enter the full URL in the Authentication URL field.
Note
Ensure that you enter the full URL in this field unlike the other endpoints where this field takes in the context URL. -
Header and Body:
-
Configure the Header and Body with the required fields for the token generation.
-
Keys for sensitive attributes updated in the Header and Body must be appended in the encrypted list in the application.
Caution
Don't configure sensitive attributes for the Header and Body through the configuration UI. They should be added through the application Debug page.When you add sensitive attributes to the header, ensure that the attributes are added with the suffix,
_CA
. For example, to use a password in the request, addpassword_CA
.Note
If the attributes are not suffixed with_CA
, the Web Services application might display unusual behavior.For example, if the attribute updated is a password then it must be added to the header as follows:
Before updating the encrypted list:
<entry key="encrypted" value="accesstoken,password,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info"/>
After updating the encrypted list:
<entry key="encrypted" value="accesstoken,password,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword,custom_auth_token_info,password_CA"/>
After the attributes are added, their values can be used as placeholders in the Header and Body.
For example:
$application.password_CA$
-
-
Response Mapping – Configure Response Attribute Mapping to obtain access details from the response. Response mapping is the same as in other endpoints where the key is added under the Response Attribute value. Its respective path must be added under Attribute Path.
Note
-
The Response Attribute value must not be present in the application configuration attributes. After response parsing the value is stored in key value format as follows:
<entry key="customaccesstoken" value="access_token"/>
-
Be sure to use a custom name for the Response Attribute Key other than the default name. For example, instead of using
accesstoken
you can define it ascustomaccesstoken
. -
The
accesstoken
entry can't be used in response mapping for custom authentication. You must use a different, unique entry to save the response.
-
-
-
The token value generated after executing No / Custom Authentication endpoint can be utilized in all other endpoints using placeholders as follows:
"$application.<your key>$"
For example:
"$application.customaccesstoken$"
If the token type is for Bearer instance, then it can be used as the following:
"<your token type> $application.<your key>$"
For example:
"Bearer $application.customaccesstoken$"