Article Content

  1. Introduction
  2. Overview
  3. Creating a Key
  4. Key Types
    1. Standard Methods
    2. Custom Methods
  5. Referencing a Key in a Processor


Introduction

The Credentials functionality lets a user access secured data on an external data resource without authenticating explicitly each time the data is requested.

The keys created can be referenced while configuring REST API or ETL connections and can also be used in processors like Multi URL API Load or Flexible REST API processors.


Overview

In the credentials tab, all existing keys are listed in descending order of modification time. The credentials overview shows details such as the key name, the key type, the connection name (if the key is referenced in a connection), and the user's permissions.

A user with full rights can create, delete, edit and share keys with different projects.


Please be mindful that users with the respective rights may be able to access these credentials as well! Always make sure, especially if personal credentials are used, that user rights are set properly and accordingly.




Creating a Key

  • First of all, navigate to the "Credentials" tab in ONE DATA. 
  • Within the tab click on 'Create' from the left sidebar.
  • A new window pops up and the 'Basic Auth' key type is selected by default.
  • Fill in the mandatory information for the respective key type.
  • Click on "Create". A new key is created and appears at the top of the list in the credentials tab.


Important things to note when creating credentials:
- There are no restrictions for the password.
- Once a key is saved, the key type cannot be edited.
- A key cannot be deleted unless the connections currently using the key are deleted.



Key Types

This section will explain the different key types for credentials.

Standard Methods

Basic Auth

This is the type for any basic authentication with a username and a password.

| Field | Description |
|---|---|
| Key name | Name of your key. |
| Username | Any username that you want to authenticate with. |
| Password | The respective password for the given user. |



Custom Methods

These key types handle authentication for specific platforms.


ONE DATA Auth

The ONE DATA authentication type is very useful when working with the ONE DATA API inside of your workflows.

With this credential type and the respective connection, you can authenticate requests by using the account information of a ONE DATA user.

Without these credentials, you would need to save your JWT within a REST API Processor. This is problematic because authentication tokens can expire, which means you would need to update the workflow every time the token becomes invalid.


| Field | Description |
|---|---|
| Key name | Name of your key. |
| Username | Name of the ONE DATA user. |
| Password | Password of the ONE DATA user. |
| Authentication Endpoint URL | The URL of the endpoint the authentication request is sent to in order to obtain the access token in the authorization HTTP header. Usually this is the URL of the ONE DATA instance followed by the API path for login: "[instance_URL]/api/v1/users/login" (example: "https://doc.onedata.de/api/v1/users/login") |
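To see why a JWT saved directly in a REST API Processor goes stale, the following added example (not ONE DATA code) reads the expiry of a token without verifying it. It assumes the token carries the standard `exp` claim; the sample token, the `sub` value and the 60-second `skew` are constructed for the demo.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    parts = token.strip().removeprefix("Bearer ").split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def seconds_until_expiry(token, now=None):
    """Seconds left before 'exp'; negative once expired, None if there is no 'exp'."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        return None
    return int(exp - (time.time() if now is None else now))


def needs_refresh(token, now=None, skew=60):
    """True when the token is expired or expires within 'skew' seconds."""
    left = seconds_until_expiry(token, now)
    return left is not None and left <= skew


def make_sample_token(exp):
    """Constructed, unsigned sample token for the demo; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "HS256", "typ": "JWT"})
    payload = enc({"sub": "demo-user", "exp": exp})
    return f"{header}.{payload}.c2lnbmF0dXJl"


if __name__ == "__main__":
    now = 1_700_000_000                    # fixed clock so the run is reproducible
    token = make_sample_token(now + 3600)  # stands in for a token pasted into a processor
    for later in (0, 3550, 7200):
        print(later, seconds_until_expiry(token, now + later), needs_refresh(token, now + later))
```

The decoded claims are only used to read the expiry time; they must not be trusted for authorization, because the signature is never checked here.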


Personio Auth

This key type is for authentication in Personio. If you want to know how to enable authentication in Personio, take a look at this article.

It has the following required fields:

| Field | Description |
|---|---|
| Key name | Name of your key. |
| Client Id | Your Personio client id. |
| Client Secret | The Personio client secret. |
| URL | The URL the authentication request is sent to (https://api.personio.de/v1/auth). |



Microsoft ROPC (Resource Owner Password Credentials)

This key type is for authentication with Microsoft services, for example the MS Graph API.

To be able to use this key type, you need to register ONE DATA / your Workflow via Microsoft Azure. If you already have an app registered, you can skip this part.


Register an application in MS Azure:

  1. First, click "New Registration" in the upper left. In the dialog that appears, choose a name and then an account type that fits your needs.
  2. After that, you will be redirected to the configuration menu of the app. There you can see your "ClientId" (Application Id) and "TenantId" (Directory Id) in the center of the page.
  • Under the "Authentication" tab in the sidebar, you need to set the application to public to be able to use ROPC.
  • Under "Certificates & Secrets" you can generate your Client Secret.
  • Finally, under "API Permissions" you can configure which information should be accessible via the registered application.


These are the required fields in ONE DATA to create credentials for MS ROPC:

| Field | Description |
|---|---|
| Key name | Name of the key. |
| Client Id | The Application (client) Id the Azure portal assigned to your app. |
| Tenant | The directory tenant you want to log the user into. This can be in GUID or friendly name format. |
| Username | The user's email address (any valid Microsoft account holder). |
| Password | The user's password. |
| Client Secret | This parameter is optional. If your app is a public client, then the client_secret cannot be included. If the app is a confidential client, then it must be included. |
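How the fields above map onto an ROPC token request to the Microsoft identity platform, as an added example (not ONE DATA's implementation) that builds the request without sending it and enforces the Client Secret rule. The `scope` value, the tenant name, the all-zero client id and the credentials are constructed placeholders; `public_client` and `redacted_form` are hypothetical names.

```python
from urllib.parse import parse_qs, quote, urlencode
from urllib.request import Request

AUTHORITY = "https://login.microsoftonline.com"
SECRET_FIELDS = {"password", "client_secret"}


def build_ropc_request(tenant, client_id, username, password, scope,
                       client_secret=None, public_client=True):
    """Build (but do not send) the form-encoded ROPC token request."""
    if public_client and client_secret:
        raise ValueError("public client: client_secret cannot be included")
    if not public_client and not client_secret:
        raise ValueError("confidential client: client_secret must be included")
    form = {
        "grant_type": "password",   # this grant type is what makes the request ROPC
        "client_id": client_id,
        "scope": scope,
        "username": username,
        "password": password,
    }
    if client_secret:
        form["client_secret"] = client_secret
    # Tenant may be a GUID or a friendly name; encode it as a single path segment.
    url = f"{AUTHORITY}/{quote(tenant, safe='')}/oauth2/v2.0/token"
    return Request(url, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def redacted_form(req):
    """Form fields with the secrets masked, safe to write to a log."""
    fields = {k: v[0] for k, v in parse_qs(req.data.decode()).items()}
    return {k: ("***" if k in SECRET_FIELDS else v) for k, v in fields.items()}


if __name__ == "__main__":
    req = build_ropc_request(
        tenant="contoso.onmicrosoft.com",                  # constructed sample values
        client_id="00000000-0000-0000-0000-000000000000",
        username="user@example.com",
        password="p@ss w&rd=1",
        scope="https://graph.microsoft.com/.default",
    )
    print(req.get_method(), req.full_url)
    print(redacted_form(req))
```

Because the user's password travels in the request body, the body should only ever be logged through something like `redacted_form`.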



Referencing a Key in a Processor

Similarly, within the Flexible REST API processor, under the 'AUTHENTICATION' section, the user can override the key provided by the connection by selecting another key.