AppZen’s external APIs support API key-based authentication (OAuth 1.0). To provide additional security, AppZen also supports OAuth 2.0.
OAuth 1.0 Authentication
OAuth ("Open Authorization") provides clients with "secure delegated access" to server resources.
In this case, AppZen uses an API-Key mechanism to validate calls to the API (OAuth 1.0). It uses the customer_id and API key combination to allow access to the public APIs.
Authentication for these APIs is based on the following fields, which are provided by the AppZen Support team.
- customer_id: You will be provided with a unique value for this field.
- x-api-key: You will be provided with a unique value for this field. The same value is used by all the customers belonging to a particular integration.
- customer-key: You will be provided with a unique value for this field.
OAuth 2.0 Authentication
Until now, the Expense Audit external APIs used API key-based authentication. We have now extended our support to OAuth 2.0 authentication for access to the following APIs:
- Ingestion API
- Expense Audit Results API
- Audit Action API
OAuth 2.0 is the industry standard authentication process. We are upgrading to OAuth 2.0 because it adds an additional layer of security: the access token is time limited, and an OAuth 2.0 token includes specific APIs in its scope instead of all of them.
In this case, all requests to AppZen APIs are authenticated using an OAuth 2.0 access token.
The following diagram depicts the steps involved.
Self-service credential generation now supports OAuth 2.0 for AppZen products. OAuth 2.0 is intended for users who opt for direct API-based integration for their deployments, and for existing users with API key-based authorization. A new UI named ‘API Credentials’ is visible under the integration dropdown, from which API credentials can be generated without raising a support ticket. Currently, AppZen enables users with a System Admin Role to generate and regenerate these credentials.
Request for OAuth 2.0 token
You need to generate an access token to AppZen's API gateway for authentication and validation. For this, refer to Token Generation.
You need to send subsequent requests with the Authorization HTTP header value as Bearer <oauth2-access-token>.
- We plan to deprecate OAuth 1.0 support soon.
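Because the access token is time limited, a client has to renew it before it expires and attach the current token to every request. The following added example (not AppZen's code) caches the token and builds the Authorization header; `fetch_token` is a hypothetical callable standing in for the Token Generation request, and the `access_token`, `token_type` and `expires_in` response fields are assumed to follow RFC 6749.

```python
import time
from typing import Callable, Dict, Optional


class BearerTokenCache:
    """Caches a time-limited OAuth 2.0 access token and renews it before expiry."""

    def __init__(self, fetch_token: Callable[[], Dict], skew: float = 30.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token   # hypothetical: performs the token request
        self._skew = skew           # renew this many seconds before expiry
        self._clock = clock         # injectable so expiry can be tested
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def token(self) -> str:
        # Renew when there is no token or it is within `skew` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._renew()
        return self._token

    def _renew(self) -> None:
        resp = self._fetch()
        token = resp.get("access_token")
        if not isinstance(token, str) or not token:
            raise ValueError("token response has no access_token")
        if str(resp.get("token_type", "Bearer")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        self._token = token
        # Assumption: lifetime arrives as expires_in (seconds). If it is
        # missing, the token is treated as already expired and is fetched
        # again on the next call rather than reused indefinitely.
        self._expires_at = self._clock() + float(resp.get("expires_in", 0))

    def invalidate(self) -> None:
        """Call after a 401 response so the next request fetches a fresh token."""
        self._token = None

    def headers(self) -> Dict[str, str]:
        # Header format from the page: Bearer <oauth2-access-token>
        return {"Authorization": f"Bearer {self.token()}"}
```

Keep the client credentials and the cached token out of logs and source control; the cache holds the token in memory only.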