integrator.io helps to connect business application and transfer data between them. When we create a connection to a connector application integrator.io ask for authentication type. Authentication contain the credentials needed for integrator.io to access information from that application. When you use a webhook in your flow you will need to set up a verification on that webhook. A webhook is a type of export that is used to collect data in real-time from the source application. The authentication types are varying based on the application that we are using.
There are different types of verification and authetication types are used in integrator.io.
Authentication Types
Cookie
Cookie is a session-based authentication method. It includes a unique cookie in the HTTP request header. integrator.io automatically creates and inserts this cookie into every HTTP request that sent to your application.
Digest
With the digest authentication method, integrator.io sends the first request to the API, and the server responds with details that include a single-use number: a real value and a 401 unauthorized response. An encrypted array of data, including the username and password combined with the data received from the server in the first request, is sent back. The server uses the passed data to generate an encrypted string and compares it against what is sent in the previous step to authenticate requests. i.e. integrator.io calls to receive data from the server that it encrypts and sends back.
Custom
For a custom type, integrator.io will not perform any special authentication. You must configure the HTTP request fields of the import and export models to include placeholders for any required values. You can store these values in the encrypted and unencrypted fields in this connection.
OAuth 2.0
The OAuth 2.0 authentication type enables integrator.io to obtain limited access to an HTTP service on behalf of an account. The scope is a mechanism in OAuth 2.0 to limit an application’s access to an account.
WSSE
WSSE available for HTTP connectors. This authentication must be used where the connecting application expects crypto hash generated out of the username and password. This value is sent over as part of the header.
Verification Types
Basic
The basic verification type allows you to create a Base64-encoded username and password to authenticate your connection or verify webhook. If you are using Basic a verification type in a webhook and then we can change the credentials for this verification in integrator.io, and you will have to also change them in the external application calling to the webhook.
Token
Token used an API key and a password to verify the connection.
Secret URL
It is the least secure verification type. It uses a token within a URL. The secret URL will create a custom URL Token, or you can create one yourself, which will change the URL that the external source will call to. It is least secure method but better than having no security at all.
HMAC
It is the most secure method of verification/authentication . HMAC allows you to set what type of encryption and encoding needs to be done. It set the secret key and the header that will contain your HMAC secret key. It is not widely available on our connectors. i.e. it is only available for select applications.