Authentication is a crucial aspect of securing access to various resources, including APIs. In this article, we'll explore the different authentication methods in Actions and how they work.
When creating an Action you must choose an authentication method. In the API documentation of the tool you want to connect, you will find what authentication method applies.
Below you will find an explanation of the different authentication methods.
1. No Authentication
Description: No authentication means no credentials or keys are required to connect. It's an open-door policy where anyone can access the resource without restrictions.
Example: Imagine a public park where everyone is welcome to enter and enjoy the facilities without needing to show any identification or membership card.
2a. API Key with Bearer Authentication
Description: API key authentication involves providing a unique code (API key) to access the resource. Bearer authentication adds an additional layer of security by presenting the API key in a specific format, asserting the bearer's identity.
Example: Think of a membership card (API key) that you carry, but instead of just showing the card, you say, "I am an esteemed guest (bearer)", indicating your privileged status and gaining entry with confidence.
2b. API Key with Custom Authentication
Description: Custom authentication allows for a specialized way of identifying yourself, often involving additional information sent alongside the API request in headers or query parameters. These headers or parameters contain special signals or codes that complement your API key, providing further proof of identity.
Example: In custom authentication, you have the option to add extra information to your API request in two main ways: adding to headers or adding to query parameters. Both methods serve the same purpose of enhancing authentication but differ in how the information is transmitted.
-
Add to Headers: This method involves including additional information in the headers of the API request. Headers are used to transmit metadata about the request, such as authentication tokens or session identifiers.
-
Add to Query Parameters: Alternatively, you can add extra information to the query parameters of the API request. Query parameters are appended to the URL and are visible in the request's URL string
It's important to note that both adding to headers and adding to query parameters have a limit of 10 headers or parameters per request.
3. Basic Authentication
Description: Basic authentication involves providing a username and password to access the resource.
Example: Basic authentication is like presenting your username and password at a checkpoint to gain entry.