This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Rest API with API Key Only

Go to solution
mpstpierre
New Contributor

‎08-03-2021 03:56 PM

I need to make a call to a rest api. The API is secured by an API key, so I only need to send “Authorization” along with the api key in the header. I would like to configure an Account, but I cannot find one that sends the Authorization header. If this is not possible, how can I secure the API key?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
del
Contributor III

‎08-04-2021 08:51 AM

@mpstpierre,

Disclaimer: This is a hack I just derived based on undocumented features mentioned in this post Passing credentials in JSON body to authorization endpoint. I’ve bounced this solution against httpbin.org, and it appears to work; but test and use at your own discretion.

Based on the mentioned post, you can access account.username and account.password from certain types of accounts. With this approach, you can secure your API key in the password field of an REST NTLM Account, add that account to your REST snap, then use account.password for the value of the Authorization header. (I use the NTLM account because it does not produce its own Authorization header.)

  • The REST NTLM Account would look something like this, with your real API key in the password field:
    image

  • Add the Account to your REST snap:
    image

  • Configure the Authorization header (with expression toggled on):
    image

*** My bounce against httpbin.org produced these results
(Note: I used “realApiKey” in the password field of the account):
image

View solution in original post

3 REPLIES 3

Go to solution
Supratim
Contributor III

‎08-03-2021 11:46 PM

@mpstpierre you can pass authorization token from header param. Click on + icon corner of the header and add whatever value you want to pass.

image

0 Kudos

Go to solution
mpstpierre
New Contributor
In response to Supratim

‎08-04-2021 05:07 AM

Thank you for your reply. I was able to do this successfully; however I was trying to prevent displaying the API key directly in the pipeline. Using accounts you can create a Rest Basic Auth, OAUTH, etc, however it does not appear that one exists for just API Key. In my case the header should have “Authorization: 1234567” where 1234567 represents my API Key. If you use Rest Basic Auth, I believe it puts something like this in the header. ‘Authorization: Basic c29tZW5hbWU6MTIzNDU2Nw==’

0 Kudos

Go to solution
del
Contributor III

‎08-04-2021 08:51 AM

@mpstpierre,

Disclaimer: This is a hack I just derived based on undocumented features mentioned in this post Passing credentials in JSON body to authorization endpoint. I’ve bounced this solution against httpbin.org, and it appears to work; but test and use at your own discretion.

Based on the mentioned post, you can access account.username and account.password from certain types of accounts. With this approach, you can secure your API key in the password field of an REST NTLM Account, add that account to your REST snap, then use account.password for the value of the Authorization header. (I use the NTLM account because it does not produce its own Authorization header.)

  • The REST NTLM Account would look something like this, with your real API key in the password field:
    image

  • Add the Account to your REST snap:
    image

  • Configure the Authorization header (with expression toggled on):
    image

*** My bounce against httpbin.org produced these results
(Note: I used “realApiKey” in the password field of the account):
image