Request authentication

Table of contents

  • Introduction
  • Guide

Introduction

There are standard authentication methods for accessing web services, such as OAuth, JWT, Basic authentication, etc. However, there are also systems that don’t use the standard methods for authentication. For instance, a system may require you to send a POST request to obtain a token, which must then be included in every request for the resources.

For example, Sylius’s Shop API requires you to send a POST request to /api/v2/shop/customers/token with a JSON payload. The JSON should contain the email and password of the shop user. The cURL syntax of the request is below.

curl -X 'POST' \
    'https://master.demo.sylius.com/api/v2/shop/customers/token' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -d '{
    "email": "shop.user@example.com",
    "password": "pa$$word"
}'

Then, we should include the token within the header of the HTTP requests to the resource endpoints.

curl -X 'METHOD' \
    'api-url' \
    -H 'accept: application/ld+json' \
    -H 'Authorization: Bearer token'

In Alumio, we support this kind of custom authentication method. The authentication method is called Request Authentication. By default, this method sends an authentication request every time it sends a request to other endpoints. However, you can cache the authentication token to avoid sending an authentication request every time it calls an authenticated endpoint.

NOTE: This authentication method only supports putting the token in a header. We currently don’t support putting the token in the query parameters or the payload of HTTP requests.

Guide

Step 1: Go to HTTP authentications > Create a new HTTP authentication.

Step 2: Select “Request authentication” from the list of Settings.

Step 3: Fill in the Request URI.

Step 4: Fill in the Request method.

Step 5: Select the Request encoder.

Step 6: Fill out the Request parameters field with the request payload.

Step 7: Select the Response decoder.

Step 8: Select the HTTP Client.

Step 9: Fill in the Header name, which refers to the name of the header that will hold the token. For example, Authorization.

Step 10: Select the source of the token from the response.

  • If you select Headers, fill in the name of the response header that holds the token.

  • If you select Cookies, fill in the name of the cookie from the response.

  • If you select Request body, fill in the Template that will be the value of the header configured in Step 9.

Step 11: (Optional) Check the option “Enable caching of the authentication header” to avoid sending an authentication request every time it calls an authenticated endpoint.
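
The flow configured in Steps 3 to 11, sketched in Python as an added example (this is not Alumio's code): an authentication request is sent, the token is read from the response headers, cookies or body, placed into the configured header, and optionally cached. The class and parameter names, the "token" response field, the "{token}" template syntax and the offline fake_token_endpoint transport are all assumptions made for illustration.

```python
import json
import time
from http.cookies import SimpleCookie

class RequestAuthentication:
    """Obtain a token with a separate request, then expose it as a request header."""

    def __init__(self, send, uri, method, params, header_name,
                 source, key, template="{token}", cache_ttl=0, clock=time.monotonic):
        # send(method, uri, headers, body) -> (status, headers, body) is the HTTP client.
        self.send, self.uri, self.method, self.params = send, uri, method, params
        self.header_name, self.source, self.key = header_name, source, key
        self.template, self.cache_ttl, self.clock = template, cache_ttl, clock
        self._cached = None  # (header value, expiry time); kept in memory only

    def _extract(self, headers, body):
        """Pull the token from the configured part of the authentication response."""
        if self.source == "headers":
            token = headers[self.key]
        elif self.source == "cookies":
            token = SimpleCookie(headers.get("Set-Cookie", ""))[self.key].value
        else:  # "body": decode the JSON response and read one field
            token = json.loads(body)[self.key]
        return self.template.format(token=token)

    def auth_header(self):
        """Return the header to attach to a resource request, using the cache if valid."""
        now = self.clock()
        if self._cached and now < self._cached[1]:
            return {self.header_name: self._cached[0]}
        status, headers, body = self.send(
            self.method, self.uri,
            {"Accept": "application/json", "Content-Type": "application/json"},
            json.dumps(self.params))
        if not 200 <= status < 300:
            self._cached = None
            raise PermissionError(f"authentication request failed: HTTP {status}")
        value = self._extract(headers, body)
        if self.cache_ttl > 0:
            self._cached = (value, now + self.cache_ttl)
        return {self.header_name: value}

def fake_token_endpoint(method, uri, headers, body):
    """Constructed offline stand-in for a token endpoint; counts how often it is hit."""
    fake_token_endpoint.calls += 1
    if json.loads(body).get("password") != "pa$$word":
        return 401, {}, "{}"
    return 200, {}, json.dumps({"token": f"constructed-token-{fake_token_endpoint.calls}"})

fake_token_endpoint.calls = 0
```

When caching is enabled, keep the cache lifetime shorter than the token's own validity, so that an expired token is never replayed against the resource endpoints.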