Authentication Methods

2 Minutes to read

Print
Share
Dark
Light
PDF

Authentication Methods

2 Minutes to read

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback!

Blueprint Available in private preview!

We are excited to announce that our new Blueprint engine are now available to a select group of preview customers!

If you're interested in joining the private preview, click here to request access.

# Authentication in Rivery

Overview

This guide explains how to authenticate your API connections in Rivery using various authentication methods. Rivery supports OAuth 2.0, basic authentication, bearer tokens, and provides secure token management for all methods.

Supported Authentication Methods

Method	Use Case
basic_http	Simple username/password authentication
bearer	Static bearer tokens
oauth2	Secure token-based flows (e.g., client credentials, refresh token, etc.)

Authentication Parameters

Purpose: Manage secure API connections.

Authentication parameters define how a connector will authenticate API calls. These can include basic authentication, token-based authentication, or Bearer token authentication.

Basic Authentication Example

- name: "connectToAPI"
  type: "authentication"
  auth_type: "basic_http"
  fields:
    - name: "username"
      type: "string"
      value: "your_rivery_mail"
    - name: "password"
      type: "string"
      value: "look at 1password"

Token-Based Authentication Example

- name: "connectToAPI"
  type: "authentication"
  auth_type: "bearer"
  fields:
    - name: "bearer_token"
      type: "string"
      value: "your_bearer_token"

How It Works in YAML:

The connectToAPI parameter contains authentication details.
The fields section includes credentials such as usernames, passwords, API keys, or tokens.
The auth_type specifies the authentication method (basic_http, bearer, etc.).

OAuth 2.0 Authentication

Rivery supports multiple OAuth 2.0 flows and automatically manages token acquisition, refresh, and injection into your API calls.

Supported OAuth 2.0 Flows

Flow	When to Use
client_credentials	Server-to-server APIs (no user login)
refresh_token	Long-running user-authorized applications
authorization_code	Applications with user login & redirection

OAuth2 YAML Configuration Example

Client Credentials

interface_parameters:
  section:
    source:
      - name: "my_api_auth"
        type: "authentication"
        auth_type: "oauth2"
        oauth2_settings:
          grant_type: "client_credentials"
          token_url: "https://auth.example.com/token"
          is_basic_auth: false
        fields:
          - name: "client_id"
            type: "string"
            value: "your_client_id"
          - name: "client_secret"
            type: "string"
            value: "your_client_secret"
            is_encrypted: true

With Basic Auth

oauth2_settings:
  grant_type: "client_credentials"
  token_url: "https://api.example.com/token"
  is_basic_auth: true

Refresh Token

oauth2_settings:
  grant_type: "refresh_token"
  token_url: "https://auth.example.com/token"
fields:
  - name: "refresh_token"
    value: "your_refresh_token"
    is_encrypted: true

Authorization Code

oauth2_settings:
  grant_type: "authorization_code"
  token_url: "https://auth.example.com/token"
fields:
  - name: "code"
    value: "your_auth_code"
  - name: "redirect_uri"
    value: "https://yourapp.com/callback"

OAuth2 Parameter Reference

OAuth2 Settings

Key	Required	Description
grant_type	Yes	OAuth flow type (client_credentials, refresh_token, authorization_code)
token_url	Yes	URL to obtain the access token
is_basic_auth	No	Sends client credentials via Authorization header (default: false)

Fields

Name	When Required	Description
client_id	Always	Your app's client ID
client_secret	Always	Your app's client secret
refresh_token	For refresh_token flow	Token obtained from previous login
code	For authorization_code	Code received after redirect login
redirect_uri	For authorization_code	Redirect URI used in authentication

Security & Token Handling

Rivery automatically refreshes tokens before they expire.
Supports token expiry detection via expires_in, exp, or expires_at.
If no expiry is defined, the default is 1 hour.

Encrypt Your Secrets

Always mark secrets as encrypted:

- name: "client_secret"
  value: "your_secret"
  is_encrypted: true

Basic Auth Format

Without Basic Auth

grant_type=client_credentials&client_id=xxx&client_secret=yyy

With Basic Auth

Authorization: Basic base64(client_id:client_secret)
grant_type=client_credentials

Error Messages & Fixes

Error	Fix
Token refresh failed	Verify your refresh token
Refresh token required	Ensure `refresh_token` field is present
Connection issue	Check token URL or network configuration

Best Practices

Always set is_encrypted: true for sensitive values like client_secret and refresh_token.
Use descriptive name fields for maintainability.
Test with a static token first to validate base connectivity before configuring full OAuth.
Document which authentication type is required for each connector clearly.

Was this article helpful?

What's Next

Interface Parameters

Table of contents

Overview
Supported Authentication Methods
Authentication Parameters
OAuth 2.0 Authentication
OAuth2 Parameter Reference
Security & Token Handling
Error Messages & Fixes
Best Practices