Authentication Types
Overview
Service authentication is essential for securely connecting to external services from the Unqork Designer Platform. Service authentication manages the credentials for authentication and allows access to external APIs in your application. To add a new service in Unqork, add the type of authentication required by the service.
TIP To learn how to use authenticated services in Unqork, click the following link: https://docs.unqork.io/Content/D-Administration/D08001A-Services_Administration.htm
Types of Authentication
Unqork provides several methods of authentication for your application. Each method contains a set of parameters that are either required to complete, or an optional setting. These parameters might require credentials provided by the external service's API documentation.
To access the different types of authentication in Unqork:
| 1. | At the top right of the Unqork Designer Platform, click the Settings drop-down. |
| 2. | Click Administration. |
| 3. | Under Integration, select Services Administration. |
| 4. | From the Type of authentication drop-down menu, select an authentication method. |
List of Authentication Types
The types of authentication Unqork supports are:
No Authentication
The No Authentication method allows you to send information, such as an API key, in the header or body request. This method does not follow any specific authentication scheme. This is the default selection for the Types of Authentication drop-down.
The No Authentication method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable this parameter to prevent server redirects. |
Optional |
|
Enable SOAP Digital Signature |
Attach a digital signature to the authentication request. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
OAuth2 Client Credentials Grant
The Client Credentials Grant method is used by clients to obtain an access token outside of the context of a end-user. This is typically used by clients to access resources about themselves rather than to access an end-user's resources.
The OAuth2 Client Credentials Grant method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable this parameter to prevent server redirects. |
Optional |
|
Perform authentication only |
The access token is sent back immediately in Service response. |
Optional |
|
Access Token URL |
The integration service provides the Access Token URL to the authentication server. Look for the Access Token URL for your integration on that service’s developer documentation. |
Required |
|
Client ID |
The integration service provides this key. Unqork uses it as the client_id in the request body. |
Required |
|
Client Secret |
The integration service provides this key. Unqork uses it as the client_secret in the request body. |
Required |
|
Scope |
If provided to you by the integration service, complete this field with a space-delimited list of requested scope permissions. |
Optional |
|
Send Client ID/Secret in Body instead of Header |
Enable this setting to send the Client ID and Client Secret in the body of the request. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
OAuth2 Password Grant
The Password Grant method is a way to exchange an end-user's credentials for an access token.
The OAuth2 Password Grant method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Perform authentication only |
The access token is sent back immediately in Service response. |
Optional |
|
Access Token URL |
The integration service provides the Access Token URL to the authentication server. Look for the Access Token URL for your integration on that service’s developer documentation. |
Required |
|
Client ID |
The integration service provides this key. Unqork uses it as the client_id in the request body. |
Optional |
|
Client Secret |
The integration service provides this key. Unqork uses it as the client_secret in the request body. |
Optional |
|
Scope |
If provided to you by the integration service, complete this field with a space-delimited list of requested scope permissions. |
Optional |
|
Send Client ID/Secret in Body instead of Header |
Enable this setting to send the Client ID and Client Secret in the body of the request. |
Optional |
|
Username |
The username associated with the service. |
Required |
|
Password |
The password associated with the service. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
OAuth2 JWT Bearer Grant
The JSON Web Token (JWT) Bearer Grant authentication method is a way to encode claims in a JSON document that is then signed. JWTs can be used as OAuth 2.0 Bearer Tokens to encode all relevant parts of an access token into the access token itself instead of having to store them in a database.
The OAuth2 JWT Bearer Grant method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Perform authentication only |
The access token is sent back immediately in Service response. |
Optional |
|
Access Token URL |
The integration service provides the Access Token URL to the authentication server. Look for the Access Token URL for your integration on that service’s developer documentation. |
Required |
|
Issuer |
Client credentials required by the API for authentication before issuing the JWT. |
Required |
|
Subject |
Client credentials required by the API for authentication before issuing the JWT. |
Required |
|
Audience |
Specified by the API with which you're integrating if it is required. It might require the Access Token URL again. |
Required |
|
Scope(s) to access |
Specified by the API with which you're integrating if it is required. Separate each scope with a space. |
Required |
|
Token Expires in (Seconds) Default 60 minutes. |
Specify how long a token lasts in seconds before an end-user is required to authenticate again. |
Optional |
|
Signing Algorithm |
Specified by the API with which you're integrating if it is required. For RS256 algorithm, private key is required. For HS256 algorithm, shared key or shared secret is required. |
Required |
|
Shared/Private Key |
The key provided by the API for your private account. Keep the BEGIN PRIVATE KEY and END PRIVATE KEY sections. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Bearer Token
Bearer authentication is an HTTP authentication scheme that involves security tokens called bearer tokens. Bearer tokens take the form of cryptic strings generated by the integrated service in response to a login request.
The Bearer Token method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Bearer Token |
Bearer tokens take the form of cryptic strings generated by the integrated service. When you submit a request using a Bearer Token, you don’t request on behalf of an individual. Instead, you request on behalf of an application. |
Required |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
WSSE Username Token Profile
The Web Services Security & Encryption (WSSE) Username Token Profile method passes the Username Token in a SOAP header.
The WSSE Username Token Profile method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Username |
The username associated with the authentication service. |
Required |
|
Password |
The password associated with the authentication service. |
Required |
|
Enable SOAP Digital Signature |
Attach a digital signature to the authentication request. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Twilio
Twilio API authentication uses REST API to communicate with Twilio’s servers. Twilio does not use Service protocol + host information.
Twilio supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Account SID |
The SID of the Account that created the Key resource to fetch. |
Optional |
|
Auth Token |
The integration service provides the Auth Token. Look for the Auth Token for your integration on that service’s developer documentation. |
Required |
|
Number |
The phone number Twilio requests from. |
Required |
|
Express Domain |
The express environment you are linking this service to. Example: testx-unqork.io |
Required |
|
Receive inbound requests |
Select whether to allow inbound requests from the authentication service. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
Plaid
Plaid API authentication uses tokens to authorize access to end-users. Plaid does not use Service protocol + host information.
Plaid supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Client ID |
The integration service provides this key. Unqork uses it as the client_id in the request body. |
Required |
|
Public Key |
The integration service provides this key. |
Required |
|
Client Secret |
The integration service provides this key. Unqork uses it as the client_secret in the request body. |
Required |
|
Environment |
In the drop-down, select an environment the Plaid API is used in: Sandbox, Development, or Production. |
Required |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
Custom SOAP Header
External APIs might use Custom SOAP Headers to authenticate users for their service. They store access tokens in headers for authentication purposes.
The Custom SOAP Header method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
SOAP Header |
Used to pass application-related information that is processed by SOAP nodes along the message path. |
Optional |
|
Enable SOAP Digital Signature |
Attach a digital signature to the authentication request. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Basic Auth
Basic Authentication requires only a username and password encoded with base64. Then it sends this information in the API request header. This is the most straightforward method but the least secure.
TIP You can learn more about the basic authentication method in Unqork here: https://docs.unqork.io/Content/M-APIs_Integrations/M01-APIs/M01104-Basic_API_Authentication.htm
The Basic Auth method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Username |
The username associated with the authentication service. |
Required |
|
Password |
The password associated with the authentication service. |
Required |
|
Enable SOAP Digital Signature |
Attach a digital signature to the authentication request. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Canada Post
The Canada Post authentication method uses HTTP header variables to store access information. This authentication is for accessing API services offered by Canada Post. This authentication method does not use Service protocol + host information.
The Canada Post method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
API Key |
Provided by the service with which you're integrating. |
Required |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
Google Places
The Google Places API creates a unique alphanumeric string that associates your Google billing account with your application and the Google Places API. This method enables the Address Search component in the Unqork Designer Platform.
TIP To learn about the Address Search component, view our Address Search article.
The Google Places method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
API Key |
Provided by the service with which you're integrating. |
Required |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
OpenID Connect (OIDC)
OIDC is a secure exchange of information between an OpenID Provider (OP) and a Relying Party (RP). The RP in this case is Unqork. The OP can be any SSO provider, such as Okta, Microsoft Entra ID, or Amazon Cognito.
NOTE A login session token is required to use the OIDC authentication method.
The OpenID Connect method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Hyperscience
The Hyperscience API authentication method is specific to the Hyperscience service.
The Hyperscience method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Do not follow redirect |
Enable to prevent server redirects during authentication. |
Optional |
|
API Key |
Provided by the service with which you're integrating. |
Required |
|
Enable Mutual TLS |
Enable mTLS to add an extra layer of security on top of other integrations. An mLTS certificate chain and passphrase are required to use mLTS. |
Optional |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
SFTP
The Secure File Transfer Protocol (SFTP) is a secure method for encrypting and transferring large files over the internet. This authentication method does not use Service protocol + host information.
TIP You can learn more about how to use SFTP in Unqork here: https://docs.unqork.io/Content/O-Security/O01-Application_Security/O01106B-Secure_File_Transfer_Protocol_Authentication.htm
SFTP supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Host |
The host name of the SFTP you are connecting to. Example: sftp.example.com |
Required |
|
Port |
SFTP typically occurs over port 22. |
Required |
|
Username |
The username associated with the authentication service. |
Required |
|
Password |
The password associated with the authentication service. |
Required |
|
Private Key (PEM-Coded) |
Provided by the service with which you're integrating. Coded as Privacy-Enhanced Mail (PEM) |
Required |
|
Private Key Passphrase |
Provided by the service with which you're integrating. |
Required |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
FTP
The File Transfer Protocol (FTP) is the most basic method for transferring large files across the internet. FTP is an insecure protocol that relies on clear-text usernames and passwords for authentication. It is highly recommended to use SFTP instead as it uses encryption to authenticate and transfer data. This authentication method does not require Service protocol + host information.
FTP supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
Host |
The host name of the SFTP you are connecting to. Example: sftp.example.com |
Required |
|
Port |
SFTP typically occurs over port 22. |
Required |
|
Username |
The username associated with the authentication service. |
Required |
|
Password |
The password associated with the authentication service. |
Required |
|
Request Headers |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Encryption (GPG)
GNU Privacy Guard (GPG) is a Linux tool designed for encrypting files. This service helps make the SFTP process more secure. This authentication method does not use Service protocol + host information.
TIP Learn how to set up GPG Encryption in the Unqork Designer Platform here: https://docs.unqork.io/Content/O-Security/O01-Application_Security/O01005B-GPG_Encryption_Setup.htm?Highlight=GPG%20Public%20Key%20(Armored)
The GPG Encryption method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
GPG Public Key (Armored) |
Provided by the service with which you're integrating. |
Required |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
Decryption (GPG)
GNU Privacy Guard (GPG) is a Linux tool designed for decrypting files. This service is only callable using Server Side Execute. This authentication method does not use Service protocol + host information.
TIP Learn how to set up GPG Decryption in the Unqork Designer Platform here: https://docs.unqork.io/Content/O-Security/O01-Application_Security/O01005C-GPG_Decryption_Setup.htm
The GPG Decryption method supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
GPG Public Key (Armored) |
Provided by the service with which you're integrating. |
Required |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
HMAC
The Hash-based Message Authentication Code (HMAC) method creates hashed values that are part of your API call. This service is only callable using Server Side Execute. Attempts to call it directly in a browser or externally can fail. This authentication method does not use Service protocol + host information.
HMAC supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
|
HMAC Private Key (Armored) |
Provided by the service with which you're integrating. |
Required |
|
Request Headers |
Attach additional information about the resource to fetch, or about the client requesting the resource. |
Optional |
|
Allowed Response Headers |
Specify what headers return in the response other than Content-Type, Content-Disposition, Content-Encoding, and Content-Length. |
Optional |
|
Request Body |
Add information to a service request in the body. The request body is added if it is in JSON format. |
Optional |
