<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://community.appian.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Web API Authentication</title><link>https://community.appian.com/discussions/f/integrations/24709/web-api-authentication</link><description>There&amp;#39;s a clear explanation in Appian documentation that we can authenticate web api access in Appian through 3 ways - Basic, API Key and OAuth. 
 But, I still have some unclarity in two of them. Would really appreciate your help. 
 Basic Authentication</description><dc:language>en-US</dc:language><generator>Telligent Community 12</generator><item><title>RE: Web API Authentication</title><link>https://community.appian.com/thread/97461?ContentTypeID=1</link><pubDate>Thu, 07 Jul 2022 21:32:22 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:7bb0e89c-76d0-419d-a54d-54bc7eccd7b6</guid><dc:creator>thevarunbawa</dc:creator><description>&lt;p&gt;Thanks &lt;a href="/members/peter.lewis"&gt;Peter Lewis&lt;/a&gt;, that helped.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Web API Authentication</title><link>https://community.appian.com/thread/97394?ContentTypeID=1</link><pubDate>Wed, 06 Jul 2022 18:12:04 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:699a29a7-911f-4cc0-b7c5-f04ebc9affd4</guid><dc:creator>Peter Lewis</dc:creator><description>&lt;p&gt;Yes the credentials are just the username + password for the user account. See this sample for a request that uses basic authentication:&amp;nbsp;&lt;a href="https://docs.appian.com/suite/help/latest/Web_API_Authentication.html#basic-authentication"&gt;docs.appian.com/.../Web_API_Authentication.html&lt;/a&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Web API Authentication</title><link>https://community.appian.com/thread/97367?ContentTypeID=1</link><pubDate>Wed, 06 Jul 2022 14:49:32 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:09dac230-3f4b-410b-9c85-9c713bc5ec62</guid><dc:creator>thevarunbawa</dc:creator><description>&lt;p&gt;Thanks &lt;a href="/members/peter.lewis"&gt;Peter Lewis&lt;/a&gt; for the elaborate response. Just one confusion, for basic authentication, what are the credentials do we provide to client/requestor, is it we create a new basic user account for them in the environment and provide those creds to access or is it something else?&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Web API Authentication</title><link>https://community.appian.com/thread/95515?ContentTypeID=1</link><pubDate>Wed, 25 May 2022 20:39:37 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:b0a71872-ea6e-486b-b4d9-7138f68c7279</guid><dc:creator>Peter Lewis</dc:creator><description>&lt;p&gt;Keep in mind that authentication for APIs really means two things:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Ensuring the request authenticates using a valid Appian account&lt;/li&gt;
&lt;li&gt;Using Appian object level security to ensure that user has access to this Web API (and its precedent objects)&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The reason that service accounts are needed for API keys is that all object-level security in Appian is configured using users + groups. So if someone authenticates using an API key, the user context used to evaluate whether they have access to the object or not is based on the service account.&lt;/p&gt;
&lt;p&gt;As far as basic authentication, there&amp;#39;s no configuration required in Appian to allow authenticating using basic auth - just provide the username and password as part of the request. There&amp;#39;s no way to disable using basic authentication (that I&amp;#39;m aware of), but you can still disable it in all practical senses by limiting the security on your Web API to only users in the service accounts group. Then, there wouldn&amp;#39;t be any users that could authenticate using basic authentication.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Web API Authentication</title><link>https://community.appian.com/thread/95504?ContentTypeID=1</link><pubDate>Wed, 25 May 2022 16:54:44 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:0fe4c43a-6253-4359-928d-9c948598b75a</guid><dc:creator>Stefan Helzle</dc:creator><description>&lt;p&gt;I highly recommend to read the documentation. It will answer most of your questions.&lt;/p&gt;
&lt;p&gt;While you cannot disable an authentication method, when you create a service user and use the API key, basic auth will not work for this user.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>