Best answer

Authentication: Combination of Session Auth and Basic Auth

  • 5 February 2021
  • 2 replies
  • 40 views

Userlevel 3
Badge +4

Here’s an interesting Authentication approach.  This App requires a combination of Basic Auth and Session Auth.  Per the documentation https://api2docs.rfms.online/#auth-info-e78eadda-8135-40e5-8fa3-e24bfc70c0f8, the following must occur:

  1. Call the "Begin session" method (below) using HTTP Basic Auth to generate a session token.
    REQUEST
    URL: https://api.rfms.online/v2/session/begin
    Method: POST
    Basic Auth:  username:password (in base64)

    RESPONSE

    {

        "storeId": "xxxxxx167b8",

        "authorized": true,

        "sessionToken": "rfmsapi-xxxxxxxf9a5d0590",

        "sessionExpires": "Fri, 05 Feb 2021 12:25:27 GMT"

    }

    The session token can be used for a limited time. It will expire automatically but is extended each time a method is called. 
     
  2. The session token is sent with all API requests as the password using HTTP Basic Auth. User name should be set using the same user name you used in the first step.
    REQUEST
    URL: https://api.rfms.online/v2/customers
    Method: GET
    Basic Auth:  sessionToken:password (in base64)

    RESPONSE
    JSON for customer Object

Here is my challenge.  I have set this up in Zapier Visual Builder (UI) as Session Auth. 

The “Configure a Token Exchange Request” works perfectly and returns the SessionToken as expected.

200 POST https://api.rfms.online/v2/session/begin


Unfortunately, I never get to the “Test Request & Connection Label” part.  After the Get session token, the following steps occur and fail:

  1. authentication.sessionConfig.perform

    INPUT
    {"authData": {"password": ":censored:32:125052e10d:", "username": ":censored:38:d0b0b19112:", "sessionToken": ""}, "inputData": {}, "meta": {"isLoadingSample": false, "isFillingDynamicDropdown": false, "isTestingAuth": false, "isPopulatingDedupe": false, "limit": -1, "page": 0, "zap": {"help": ["This data structure is provided for backwards compatibility,", "and should not be relied upon in a Zapier integration."], "id": 25548371, "link": "https://zapier.com/app/editor/25548371", "live": true, "name": "A Zap,…

    OUTPUT
    {}
     
  2. TEST StaleAuthentication No authentication fields returned when refreshing session.
  3. READ StaleAuthentication No authentication fields returned when refreshing session

Not knowing the flow of Session Auth, I am unclear on what is occurring or why.  Any help is appreciated.
 

icon

Best answer by Zane 5 February 2021, 16:50

That auth scheme is doable, but it’s a little outside the box. 

First thing to confirm: Are you dropping into code mode and constructing that auth token? You’ll need to build that base64 encoded session key:password yourself in code - and then pass that token you build into each request.  

This might be easier to manage in the CLI, where you can share code across the app, and leverage http middleware.  

Also, saw something in your message that might indicate another issue.  Should the session token be populated here?

 

View original

2 replies

Userlevel 4
Badge +7

That auth scheme is doable, but it’s a little outside the box. 

First thing to confirm: Are you dropping into code mode and constructing that auth token? You’ll need to build that base64 encoded session key:password yourself in code - and then pass that token you build into each request.  

This might be easier to manage in the CLI, where you can share code across the app, and leverage http middleware.  

Also, saw something in your message that might indicate another issue.  Should the session token be populated here?

 

Userlevel 3
Badge +4

@Zane Thanks for the response...I noticed the SessionToken as well.  That was the issue.  All fixed.

Reply