REST Service Authentication

When it comes to connecting your process flows with web applications or REST services, security is a key issue. One of the ways to protect services and ensure that only authorized users can access them is through authentication. Flokzu offers support for several authentication methods, including basic authentication, Bearer authentication and API Key authentication.

1. API Key

API Key authentication is a method where a unique access key is generated for each user or application that wants to interact with the REST service. This key is sent in each request as a header or attached as a parameter in the URL. By validating the provided key, the REST service verifies the authenticity of the requester and grants access if the key is valid.

To configure an API Key authenticated service in Flokzu, you simply need to add a special header, usually called "API-Key" (but it may vary depending on your service).

2. Basic Authentication

Basic authentication is a simple yet effective method to secure REST services. It involves sending authentication credentials (username and password) in each request made to the service. The process of basic authentication entails including a special header called "Authorization" in the HTTP request. This header contains the username and password encoded in Base64. While Base64 encoding does not encrypt the credentials, it provides a basic form of obfuscation.

However in Flokzu configuring a service with Basic Authentication is simpler than that:

Go to the Settings menu → Advanced.
In the REST Authentications section, enter the Manage REST Web Service Authentications option and click on the New Authentication button.
Select the Basic Authentication type, enter your Web Service username and password and save the changes.

3. Bearer Authentication

Bearer authentication is another commonly used method in REST services. It involves including an "Authorization" header in the HTTP request, similar to basic authentication. However, instead of sending a username and password, a access token (called a Bearer token) is used. This token is generated by the external service provider and provided to us to use in our requests. When consuming a Bearer-authenticated REST service, we simply include this token in our requests to demonstrate our identity. The external service verifies it, and if everything is in order, it returns the requested data.

Go to the Settings menu → Advanced.
In the REST Authentications section, enter the Manage REST Web Service Authentications option and click on the New Authentication button.
Select the Bearer Token Authentication type, and enter the token of the web application you wish to integrate with.

4. Dynamic Bearer Token Authentication

This is the same Bearer method, but the token has an expiration period. Each call verifies that the token is still valid and if it is not, the app is asked to provide a new token via another web service.
The authentication process must be configured in Flokzu once as follows:




Auth URL: The endpoint for authorization server. This is used to get the authorization token.
Token Field: Name of the field where the token to be used is returned.
Expiration Field: Name of the field where the token expiration date is returned.
Date Pattern: Date pattern of the expiration date (e.g., "yyyy-MM-dd HH:mm:ss").
Username: Username for the authentication service.
Password: Password for the authentication service.


Optionally, you can customize the headers and body of the call.





The token is automatically inserted in the header without the need for manual configuration.

Updated on: 11/09/2023