08-03-2021 03:56 PM
I need to make a call to a REST API. The API is secured by an API key, so I only need to send “Authorization” along with the API key in the header. I would like to configure an Account, but I cannot find one that sends the Authorization header. If this is not possible, how can I secure the API key?
08-04-2021 08:51 AM
Disclaimer: This is a hack I just derived based on undocumented features mentioned in the post “Passing credentials in JSON body to authorization endpoint”. I’ve bounced this solution against httpbin.org, and it appears to work, but test and use at your own discretion.
Based on the mentioned post, you can access account.username and account.password from certain types of accounts. With this approach, you can secure your API key in the password field of a REST NTLM Account, add that account to your REST snap, then use account.password for the value of the Authorization header. (I use the NTLM account because it does not produce its own Authorization header.)
The REST NTLM Account would look something like this, with your real API key in the password field:
Add the Account to your REST snap:
Configure the Authorization header (with expression toggled on):
*** My bounce against httpbin.org produced these results
(Note: I used “realApiKey” in the password field of the account):
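An offline version of the httpbin.org bounce described in the answer above, as an added example that is not part of the original posts and is not SnapLogic code: a loopback echo server (an assumption standing in for httpbin's header echo) returns the Authorization header it received, so a real key never leaves the machine. `classify` then shows whether the value arrived raw, as in “Authorization: 1234567”, or wrapped in a Basic scheme; all function names are hypothetical.

```python
import base64, json, os, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class EchoHeaders(BaseHTTPRequestHandler):
    """Echo the request headers back as JSON (stand-in for an httpbin-style echo)."""
    def do_GET(self):
        body = json.dumps({"headers": dict(self.headers.items())}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # nothing about the request is written to the console

def bounce(authorization):
    """Send one GET to a loopback echo server; return the Authorization value it saw."""
    server = HTTPServer(("127.0.0.1", 0), EchoHeaders)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}/headers"
        req = urllib.request.Request(url, headers={"Authorization": authorization})
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
        with opener.open(req, timeout=5) as resp:
            return json.load(resp)["headers"]["Authorization"]
    finally:
        server.shutdown()
        server.server_close()

def classify(value):
    """Return (kind, user, secret) for an Authorization header value."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() == "basic" and rest:
        user, _, secret = base64.b64decode(rest).decode().partition(":")
        return ("basic", user, secret)
    if scheme.lower() in ("ntlm", "negotiate", "bearer") and rest:
        return (scheme.lower(), None, rest)
    return ("raw", None, value)  # bare API key, no scheme prefix

def basic_header(user, password):
    """Build the header value a Basic Auth account would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    # "realApiKey" is the placeholder from the post; API_KEY is a constructed env var name.
    key = os.environ.get("API_KEY", "realApiKey")
    print(classify(bounce(key))[0])                            # raw
    print(classify(bounce(basic_header("somename", key)))[0])  # basic
```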
08-03-2021 11:46 PM
@mpstpierre you can pass the authorization token from a header param. Click on the + icon in the corner of the header and add whatever value you want to pass.
08-04-2021 05:07 AM
Thank you for your reply. I was able to do this successfully; however, I was trying to prevent displaying the API key directly in the pipeline. Using accounts you can create a Rest Basic Auth, OAUTH, etc.; however, it does not appear that one exists for just API Key. In my case the header should have “Authorization: 1234567” where 1234567 represents my API Key. If you use Rest Basic Auth, I believe it puts something like this in the header: ‘Authorization: Basic c29tZW5hbWU6MTIzNDU2Nw==’