Common authentication

Where an API requires authentication before it will accept or return data, credentials specific to the authentication type can be configured. The authentication types Blue Prism supports for API requests are listed under Authentication types below.

Credentials store the data required to make an authenticated request to a Web API. Credentials for these authentication types are created in Credential Manager and then referenced from the Web API definition; the credential selected in the definition is used for every action associated with that definition. If the credential is exposed to processes, an alternative credential can be supplied as an input parameter when an action is called.

In the example below, the Address Credential has been selected in the API definition as the default credential for all associated actions where an alternative value is not specified in the action inputs in Object Studio and Process Studio.

Given that Expose to process has been selected, a related input parameter is available for processes. The name of an alternative credential has been specified in the input parameter and is used when the API is called.

Authentication types

The following authentication types can be configured within a Web API definition:

None

The API does not require authentication.

Basic

Uses HTTP Basic Authentication to send the username and password from the selected credential in the request's Authorization header. If required, and if the API supports it, select the Pre-emptively send the authorization header check box. Pre-emptive authorization sends the Authorization header with the initial HTTP request, rather than waiting for the server to reply 401 Unauthorized with a WWW-Authenticate challenge and then repeating the request with credentials. In either mode the username and password are only base64-encoded, not encrypted, so Basic authentication should only be used over HTTPS.

Select the required credential from the drop-down list and if required, select Expose to process and enter a parameter name.
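The two request patterns described above, as an added example that is not part of the Blue Prism documentation or product code. The username and password, and the `fake_api` stand-in for the Web API, are constructed for the example; the functions `basic_authorization_header` and `call_api` are hypothetical names chosen here, not Blue Prism APIs. With `preemptive=True` the credentials travel with the first request; with `preemptive=False` the first request goes out without them and the credentials are only added after the server's 401 challenge.

```python
import base64
import hmac
from typing import Dict, List, Tuple

# Constructed credentials for this example, standing in for the username and
# password that Blue Prism would read from the selected Credential Manager entry.
USERNAME = "svc-account"
PASSWORD = "correct horse battery staple"


def basic_authorization_header(username: str, password: str) -> str:
    """Build the RFC 7617 header value: 'Basic ' + base64(username:password).

    base64 is an encoding, not encryption: anyone who can read the request can
    recover the password, so Basic auth belongs on HTTPS only.
    """
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def fake_api(headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Constructed stand-in for a Web API protected by HTTP Basic auth.

    Answers 401 with a WWW-Authenticate challenge unless a valid header is
    present. compare_digest avoids leaking the comparison through timing.
    """
    expected = basic_authorization_header(USERNAME, PASSWORD)
    supplied = headers.get("Authorization", "")
    if hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8")):
        return 200, {"Content-Type": "application/json"}
    return 401, {"WWW-Authenticate": 'Basic realm="api"'}


def call_api(preemptive: bool) -> List[Dict[str, str]]:
    """Simulate the client and return the headers of every request it sent.

    preemptive=True mirrors the 'Pre-emptively send the authorization header'
    option: the credentials travel with the first request. preemptive=False
    mirrors the default: the first request is anonymous, and the credentials
    are only sent after the server replies 401 with a Basic challenge.
    """
    sent: List[Dict[str, str]] = []
    headers: Dict[str, str] = {"Accept": "application/json"}
    if preemptive:
        headers["Authorization"] = basic_authorization_header(USERNAME, PASSWORD)
    sent.append(dict(headers))
    status, response = fake_api(headers)

    challenge = response.get("WWW-Authenticate", "")
    if status == 401 and challenge.lower().startswith("basic"):
        headers["Authorization"] = basic_authorization_header(USERNAME, PASSWORD)
        sent.append(dict(headers))
        status, response = fake_api(headers)

    if status != 200:
        raise RuntimeError(f"authentication failed with HTTP {status}")
    return sent


if __name__ == "__main__":
    for mode in (True, False):
        requests_sent = call_api(preemptive=mode)
        print(f"preemptive={mode}: {len(requests_sent)} request(s) sent")
```

The non-pre-emptive flow costs an extra round trip on every call; the pre-emptive flow sends the credentials to whatever host the request reaches, so the Authorization URI must be correct and the connection must be TLS before enabling it.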

OAuth 2.0 (Client Credentials)

Makes a request to the authorization server with a client ID and secret. If the credentials are valid, an access token is returned, which is then sent with the API request (as a Bearer token in the Authorization header) to authenticate it.

The authentication type is configured using the following fields:

  • Authorization URI – The address (token endpoint) of the authorization server.
  • Credential – The name of the credential, in Credential Manager, that contains the Client ID and Client Secret used to obtain the access token from the authorization server.
  • Parameter name – If the authentication is exposed to objects and processes, the name of the input parameter for actions.
  • Scope – The level of access requested from the authorization server that will be permitted by the token.

OAuth 2.0 (JWT Bearer Token)

This credential type is a form of OAuth 2.0 authentication that presents a signed JSON Web Token (JWT) rather than a client ID and secret, as in the Client Credentials grant. The request data, specifying who is requesting the information and their intended use, is sent to the authorization server as a signed JWT. If the signature and claims are valid, the server returns an access token that is used to authenticate the API request.

The following fields are used to create the request.

  • Algorithm – The algorithm used to sign the JWT. Currently only RSA with SHA-256 (RS256) is supported.
  • Authorization URI – The address (token endpoint) of the authorization server.
  • Audience – Identifies the authorization server as the intended recipient of the JWT (the aud claim); a server should reject a JWT whose audience does not match it.
  • Scope – The level of access requested from the authorization server to be permitted by the token.
  • Subject – Typically identifies the user for whom the access token is being requested (the sub claim). Parameters can be used in this field.
  • JWT Expiry – The length of time after which the JWT is no longer accepted by the authorization server (the exp claim). Keep it short: the JWT only needs to remain valid long enough to reach the authorization server.
  • Credential – The credential, configured in Credential Manager, that holds the key material used to sign the JWT.
  • Parameter Name – If the authentication is exposed to objects and processes, the name of the input parameter for actions.
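The token requests for both OAuth 2.0 types described above, and the Bearer header the resulting access token is sent in, as one added example that is not part of the Blue Prism documentation or product code. It shows the form body POSTed to the Authorization URI for the Client Credentials grant, the JWT assertion (with iss, sub, aud, scope, iat and exp claims mapped to the Subject, Audience, Scope and JWT Expiry fields) for the JWT Bearer grant, and a constructed token endpoint, `fake_authorization_server`, that validates each and issues a Bearer token. All names, URIs, credentials and the function names are assumptions made for the example. One substitution to note: Blue Prism signs the JWT with RS256, but the Python standard library has no RSA, so the example signs with HS256 and a shared key; the claim set and the grant request are laid out the same way.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict
from urllib.parse import parse_qs, urlencode

# Constructed values for this example. In Blue Prism the client ID, secret and
# signing key come from Credential Manager and the URI from the API definition.
AUTHORIZATION_URI = "https://auth.example.test/oauth2/token"   # Authorization URI
CLIENT_ID = "blueprism-robot"
CLIENT_SECRET = "s3cr3t-from-credential-manager"
AUDIENCE = AUTHORIZATION_URI                                    # Audience field
SCOPE = "orders.read"                                           # Scope field
# Blue Prism signs with RS256 (RSA private key). The standard library has no RSA,
# so this example signs with HS256 and a shared key; the claims are identical.
SIGNING_KEY = b"hs256-demo-key-standing-in-for-the-rsa-private-key"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_jwt_assertion(subject: str, expiry_seconds: int, now: int) -> str:
    """Build the signed JWT sent by the JWT Bearer grant (RFC 7523 claim set)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": CLIENT_ID,              # who is requesting the token
        "sub": subject,                # Subject field: the user acted for
        "aud": AUDIENCE,               # Audience field: the authorization server
        "scope": SCOPE,                # Scope field
        "iat": now,
        "exp": now + expiry_seconds,   # JWT Expiry field
    }

    def compact(obj: Dict) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = compact(header) + "." + compact(claims)
    signature = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def client_credentials_body(secret: str = CLIENT_SECRET) -> str:
    """Form body POSTed to the Authorization URI for the Client Credentials grant."""
    return urlencode({"grant_type": "client_credentials", "client_id": CLIENT_ID,
                      "client_secret": secret, "scope": SCOPE})


def jwt_bearer_body(assertion: str) -> str:
    """Form body POSTed to the Authorization URI for the JWT Bearer grant."""
    return urlencode({"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                      "assertion": assertion, "scope": SCOPE})


def fake_authorization_server(body: str, now: int) -> Dict:
    """Constructed token endpoint that accepts both grant types described above."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    grant = form.get("grant_type")
    if grant == "client_credentials":
        id_ok = hmac.compare_digest(form.get("client_id", "").encode(), CLIENT_ID.encode())
        secret_ok = hmac.compare_digest(form.get("client_secret", "").encode(), CLIENT_SECRET.encode())
        if not (id_ok and secret_ok):
            return {"error": "invalid_client"}
    elif grant == "urn:ietf:params:oauth:grant-type:jwt-bearer":
        try:
            head, payload, sig = form["assertion"].split(".")
            supplied_sig = b64url_decode(sig)
        except (KeyError, ValueError):
            return {"error": "invalid_grant"}          # malformed JWT
        expected = hmac.new(SIGNING_KEY, f"{head}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(supplied_sig, expected):
            return {"error": "invalid_grant"}          # signature does not verify
        claims = json.loads(b64url_decode(payload))
        if claims.get("aud") != AUDIENCE or claims.get("exp", 0) <= now:
            return {"error": "invalid_grant"}          # wrong audience or expired
    else:
        return {"error": "unsupported_grant_type"}
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": 3600, "scope": form.get("scope", "")}


def authorization_header(token_response: Dict) -> str:
    """Header carried by every API request once a token has been issued."""
    if "access_token" not in token_response:
        raise PermissionError(token_response.get("error", "no token issued"))
    return f"{token_response['token_type']} {token_response['access_token']}"


if __name__ == "__main__":
    now = int(time.time())
    print(authorization_header(fake_authorization_server(client_credentials_body(), now)))
    assertion = build_jwt_assertion("robot@example.test", 300, now)
    print(authorization_header(fake_authorization_server(jwt_bearer_body(assertion), now)))
```

The server side illustrates why the Audience and JWT Expiry fields matter: an assertion replayed after its exp, or one minted for a different authorization server, is refused even though its signature is valid. The header returned by `authorization_header` is the `Authorization: Bearer <AccessToken>` form used by the Bearer Token credential type described in the next section.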

Bearer Token

This credential type caters for situations where the token has already been obtained and only needs to be sent in the Authorization header. This supports cases where Blue Prism obtains the token by a different method, such as a code stage.

The token is stored in a credential and referenced from the API definition. When added to the request headers, the token is passed in the following format:

Authorization: Bearer <AccessToken>

For example, Authorization: Bearer FGRS5-PUUDW-NBC2Q-96UYR-QBDSY

Custom

Custom credentials allow bespoke authentication methods to be used in Blue Prism. For example, a custom credential could be used to authenticate with an API key or subscription key, stored securely in the password field of a credential. The credential, stored in Credential Manager, can be passed into the API request as a parameter, allowing it to be used in the request body, header, or URL. Where the API allows a choice, prefer a header: a key placed in the URL is more likely to be recorded in proxy and server logs.

For more information about using custom credentials, see Custom credentials.