Web API Authentication

There's a clear explanation in the Appian documentation that we can authenticate web API access in Appian in three ways: Basic, API Key and OAuth.

But I still have some lack of clarity on two of them. I would really appreciate your help.

Basic Authentication - I need complete details on this type of authentication. How can we configure it in Appian? I know how a web API can be consumed using these credentials, but not the configuration settings in Appian. Please clarify.

API Key - What is the real use of creating a Service Account when generating an API key? How is the service account connected to a web API and to the third party that is calling the web API? How do the actual flow and security settings work with this authentication when a third-party system submits the API call?

Also, is Basic Authentication in Appian enabled by default? Can I disable it if I don't want to follow this method? Can we have both Basic and API Key authentication in the Appian configuration but use only one of them?

Thanks

Keep in mind that authentication for APIs really means two things:

• Ensuring the request authenticates using a valid Appian account
• Using Appian object-level security to ensure that user has access to this Web API (and its precedent objects)

The reason that service accounts are needed for API keys is that all object-level security in Appian is configured using users + groups. So if someone authenticates using an API key, the user context used to evaluate whether they have access to the object or not is based on the service account.

As far as basic authentication, there's no configuration required in Appian to allow authenticating using basic auth - just provide the username and password as part of the request. There's no way to disable using basic authentication (that I'm aware of), but you can still disable it in all practical senses by limiting the security on your Web API to only users in the service accounts group. Then, there wouldn't be any users that could authenticate using basic authentication.
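The two-step model in the reply above (authenticate to an account, then apply object-level security through group membership) as an added, runnable Python example; this is not code from the original post or from Appian. The client side builds the two request shapes the thread discusses: an `Authorization: Basic` header, and an API key header, where the header name `Appian-API-Key` is an assumption about the product that the page itself does not state. The server side is a small in-memory model, not Appian: every username, group, password and key is constructed for the example, and the model assumes service accounts have no password, so a Web API whose viewers are only the service accounts group cannot be reached with Basic authentication, which is exactly the lock-down the reply describes.

```python
"""Model of an Appian-style Web API call: authenticate, then authorize via groups.

Constructed example data; the Appian-API-Key header name is an assumption.
"""
import base64
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


def basic_auth_header(username: str, password: str) -> Dict[str, str]:
    """Client side: Basic authentication is just a base64 username:password pair."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def api_key_header(key: str) -> Dict[str, str]:
    """Client side: API key sent in a header (header name assumed, not from the page)."""
    return {"Appian-API-Key": key}


@dataclass
class Directory:
    """Toy stand-in for the platform's users, service accounts and object security."""
    passwords: Dict[str, str]             # human username -> password (service accounts have none)
    api_keys: Dict[str, str]              # API key -> service account username it resolves to
    groups: Dict[str, Set[str]]           # group name -> member usernames
    web_api_viewers: Dict[str, Set[str]]  # Web API name -> groups granted access to it


def authenticate(headers: Dict[str, str], d: Directory) -> Optional[str]:
    """Step 1: map the request to an account, or None if the credentials are bad."""
    key = headers.get("Appian-API-Key")
    if key is not None:
        # An API key carries no user of its own; it resolves to its service account.
        return d.api_keys.get(key)
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        except (ValueError, UnicodeDecodeError):  # malformed base64 or bytes
            return None
        expected = d.passwords.get(user)
        if expected is not None and hmac.compare_digest(expected, password):
            return user
    return None


def authorize(username: str, web_api: str, d: Directory) -> bool:
    """Step 2: object-level security, evaluated against the account's group membership."""
    allowed_groups = d.web_api_viewers.get(web_api, set())
    return any(username in d.groups.get(g, set()) for g in allowed_groups)


def handle(headers: Dict[str, str], web_api: str, d: Directory) -> Tuple[int, str]:
    """Run both checks and return an HTTP-style status with a reason."""
    user = authenticate(headers, d)
    if user is None:
        return 401, "authentication failed"
    if not authorize(user, web_api, d):
        return 403, f"{user} is not in any group granted access to {web_api}"
    return 200, f"{web_api} executed as {user}"


# Constructed sample directory (hypothetical names, keys and passwords).
DIRECTORY = Directory(
    passwords={"alice.dev": "correct horse battery staple"},
    api_keys={"sk_example_0123456789": "svc.integration"},
    groups={
        "Service Accounts": {"svc.integration"},
        "Developers": {"alice.dev"},
    },
    web_api_viewers={
        # Locked down as the reply suggests: only the service accounts group,
        # so no password-holding human user can reach it with Basic auth.
        "orders": {"Service Accounts"},
        # Also open to developers, so Basic auth from a developer works here.
        "reports": {"Service Accounts", "Developers"},
    },
)

if __name__ == "__main__":
    alice = basic_auth_header("alice.dev", "correct horse battery staple")
    for label, hdrs, api in [
        ("api key -> orders", api_key_header("sk_example_0123456789"), "orders"),
        ("basic (alice) -> orders", alice, "orders"),
        ("basic (alice) -> reports", alice, "reports"),
        ("unknown api key -> orders", api_key_header("sk_bogus"), "orders"),
        ("basic as service account -> orders", basic_auth_header("svc.integration", ""), "orders"),
    ]:
        print(f"{label}: {handle(hdrs, api, DIRECTORY)}")
```

Note the second and last cases: a valid human login is still refused on `orders` (403) because the viewer group excludes them, and a service account cannot use Basic authentication at all (401) because it has no password. That combination is what turns "you cannot switch Basic auth off" into "Basic auth has no account that can use it" for that Web API.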
