Authentication Methods
Learn how to configure Authentication methods for API connections.
APIs require authentication to control access to their endpoints. GenerativeAgent’s API connections support the following authentication methods:
- Basic Authentication (username/password)
- Custom Header Authentication (API keys)
- OAuth 2.0 (Authorization Code and Client Credentials flows)
If your APIs require an authentication flow that is not supported by the default authentication methods, we can create a custom authentication method for you.
Create an Authentication Method
To Create an Authentication Method:
Navigate to API Integration Hub > Authentication Methods
Click 'Create Authentication Method'
Configure the Authentication Method
- Provide a name and description
- Select the Authentication Type matching your API’s requirements
- Configure the type-specific settings detailed in sections below
- Save the Authentication Method
Add to API Connection
In the API Connection’s API Source tab, select this Authentication Method for Sandbox or Production environments.
Basic Authentication
Basic authentication requires:
- Username
- Password
Custom Header
Custom headers add authentication data to API requests via HTTP headers. Common implementations include API keys and bearer tokens.
To configure a custom header, you need to:
- Optionally enable client authentication:
- Enable if you need to reference values from the client in a header.
- Set the client data validity duration.
- Reference client data using
{Auth.*}
- Header configuration:
- Header Name (e.g., “Authorization”, “X-API-Key”)
- Header Value (static value or dynamic client data)
- e.g.
{Auth.client_token}
- e.g.
OAuth
OAuth 2.0 provides delegated authorization flows. GenerativeAgent supports:
Required configuration:
-
Authorization Code reference
This is the location within the client data that contains the authorization code.
{Auth.authorization_code}
-
Client ID
-
Client secret
-
Token Request URL
-
Redirect URI
You can use a variable from the client data for the redirect URI.
{Auth.redirect_uri}
-
How the client authentication data is passed
- Basic Auth, or
- Request Body
-
One or more headers to be added to the request.
-
Header Name
-
Header Value
Use
{OAuth.access_token}
for the generated access token.You can also reference the client data in the header values, using the variable:
{Auth.[auth_data_key]}
.
-
Client Authentication Data
Some authentication flows require dynamic data from the client:
- OAuth authorization codes
- User-specific API keys
- Custom tokens
Client authentication data is provided through:
If you are using GenerativeAgent independently of ASAPP Messaging, this Auth data is passed via the /authenticate
endpoint.
Client Authentication Session
Any authentication method that requires client data will store the auth data for the session.
If the underlying API returns a 401
, we will require new client authentication data for the session. This is communicated in the GenerativeAgent event stream as an authenticationRequested
event.
Custom Authentication Methods
If your API requires an authentication flow not supported by our default methods, we can work with you to create a custom solution.
Contact your ASAPP account team to discuss your custom authentication requirements. We’ll work with you to build and implement the solution.
Using Custom Authentication Methods
Custom authentication methods work the same way as standard methods:
- They appear in your authentication method list
- Can be selected when configuring API connections
- Support both sandbox and production environments
Custom authentication methods are read-only configurations. To modify an existing custom authentication method, please work with your ASAPP account team.
Was this page helpful?