Rest API with API Key Only

I need to make a call to a rest api. The API is secured by an API key, so I only need to send “Authorization” along with the api key in the header. I would like to configure an Account, but I cannot find one that sends the Authorization header. If this is not possible, how can I secure the API key?

REST

del
4 years ago
@mpstpierre,

Disclaimer: This is a hack I just derived based on undocumented features mentioned in this post Passing credentials in JSON body to authorization endpoint. I’ve bounced this solution against httpbin.org, and it appears to work; but test and use at your own discretion.

Based on the mentioned post, you can access account.username and account.password from certain types of accounts. With this approach, you can secure your API key in the password field of an REST NTLM Account, add that account to your REST snap, then use account.password for the value of the Authorization header. (I use the NTLM account because it does not produce its own Authorization header.)

The REST NTLM Account would look something like this, with your real API key in the password field:

Add the Account to your REST snap:

Configure the Authorization header (with expression toggled on):

*** My bounce against httpbin.org produced these results
(Note: I used “realApiKey” in the password field of the account):

3 Replies

del
Contributor III
4 years ago
@mpstpierre,

Disclaimer: This is a hack I just derived based on undocumented features mentioned in this post Passing credentials in JSON body to authorization endpoint. I’ve bounced this solution against httpbin.org, and it appears to work; but test and use at your own discretion.

Based on the mentioned post, you can access account.username and account.password from certain types of accounts. With this approach, you can secure your API key in the password field of an REST NTLM Account, add that account to your REST snap, then use account.password for the value of the Authorization header. (I use the NTLM account because it does not produce its own Authorization header.)

The REST NTLM Account would look something like this, with your real API key in the password field:

Add the Account to your REST snap:

Configure the Authorization header (with expression toggled on):

*** My bounce against httpbin.org produced these results
(Note: I used “realApiKey” in the password field of the account):
Supratim
Contributor III
4 years ago

mpstpierre:

rization” along with the api key in

@mpstpierre you can pass authorization token from header param. Click on + icon corner of the header and add whatever value you want to pass.
- mpstpierre
  New Contributor
  4 years ago
  Thank you for your reply. I was able to do this successfully; however I was trying to prevent displaying the API key directly in the pipeline. Using accounts you can create a Rest Basic Auth, OAUTH, etc, however it does not appear that one exists for just API Key. In my case the header should have “Authorization: 1234567” where 1234567 represents my API Key. If you use Rest Basic Auth, I believe it puts something like this in the header. ‘Authorization: Basic c29tZW5hbWU6MTIzNDU2Nw==’

Forum Discussion

Rest API with API Key Only

3 Replies

Recent Discussions

SFTP: Worked ok then settings changed not not working

SQS Consumer snap is ready all message at pipeline startup

Salesforce Update REST API Throughput

Using Windows Authentication with SQL Server Accounts

Preview not available for Flow snaps