Authentication

To configure your first Generic Extractor, follow our tutorial. Use Parameter Map to help you navigate among various configuration options.

Unless the API you want to extract from is completely public, you need an authentication and possibly also an authorization method. There are many authentication methods available. Generic Extractor supports the following ones:

  • URL Query authentication — sends credentials in the URL of each API request.
  • Basic HTTP authentication — sends credentials in the Authorization header of each API request.
  • Login authentication — obtains temporary credentials (token) by logging in, and then sends them in the URL or headers of each API request.
  • OAuth 1.0 authentication — authenticates with OAuth 1.0 scheme.
  • OAuth 2.0 authentication — authenticates with OAuth 2.0 scheme.
  • OAuth 2.0 Login authentication — crossover between the OAuth 2.0 and Login authentication.

Use the authentication method supported by the target API. If the API supports multiple authentication methods, the URL Query and Basic HTTP methods are the easiest to set up; but they are also the least secure.

An example authentication configuration looks like this:

{
    "api": {
        "authentication": {
            "type": "url.query",
            "query": {
                "apiKey": "2267709"
            }
        }
    },
    "config": {
        ...
    }
}

OAuth

Generic Extractor also supports authentication using the OAuth standard. Due to the principles of OAuth, this authentication method is supported only for registered components. The OAuth protocol defines a scheme in which credentials are exchanged between the following:

  • Consumer (Generic Extractor)
  • Service provider (the API itself)
  • End-user (the person authenticating against the API)

The OAuth specification defines what kind of information is exchanged in which steps. It is not a precise specification and leaves quite some freedom to the implementation. Also, there are two versions of OAuth — 1.0 and 2.0. They are completely incompatible (both the authentication steps and the exchanged fields differ). Both OAuth 1.0 and OAuth 2.0 are supported by Generic Extractor. If you are developing a new component using Generic Extractor templates and want to use and test OAuth authentication, inject the necessary credentials simply by passing them in the authorization property of the configuration.