HTTPCaller and 'bearer token' authentication method
Hello forum,
I am working on a new API integration. I’ll be using HTTPCaller.
The provider has said that their authentication method is ‘bearer token’ However the options in HTTPCaller are Basic, Digest, NTLM, Web Connection, Single Sign-On.
Is one of the those options equivalent to bearer token?
I’m sorry but I do not understand what you are asking. Can you try again?
I think the problem is that that comment (“...I meant, should it be the API URL.” ) was sent after another comment of mine that is clearly still wuith the moderataors to publish. So, it came through first and therefore didn’t make sense.
In your screenshot you’ve added ‘Bearer d6f55...’. My question was, should the d6f55 bit be the API URL?
Thanks,
I think the problem is that that comment (“...I meant, should it be the API URL.” ) was sent after another comment of mine that is clearly still wuith the moderataors to publish. So, it came through first and therefore didn’t make sense.
In your screenshot you’ve added ‘Bearer d6f55...’. My question was, should the d6f55 bit be the API URL?
Thanks,
Ah, yes, that happens. Because of the spammers messages with url’s are suspicious.
The d6f55 bit is the token. A token is a key of random characters which the server uses to check if you are allowed to do the request.
Best practice when working with API’s and FME is to make it work in PostMan, and if it works, bring the configuration to the HTTPCaller.
Just to add a bit more - there is likely an end point somewhere in the API where you can generate token.
Usually this is the end point where you send the username and password and get back a token.
The token is what you use in subsequent calls to make use of the api. In part, so you don't have to keep sending you're username and password everywhere all the time. There can also be another benefit which is that you can limit the scope of a token to certain specific data or functions.
Your workspace(s) might start with a "Login" call which will give you back a token, this token can then be used in the Authorization header. After a while the token will expire and you'll have to generate a new one.
There are a few different ways token authentication can get implemented but it's often roughly the process outlined above.