APIs require authentication to control access to their endpoints. GenerativeAgent’s API connections support the following authentication methods:

  • Basic Authentication (username/password)
  • Custom Header Authentication (API keys)
  • OAuth 2.0 (Authorization Code and Client Credentials flows)

If your APIs require an authentication flow that is not supported by the default authentication methods, we can create a custom authentication method for you.

Create an Authentication Method

To create an Authentication Method:

  1. Navigate to API Integration Hub > Authentication Methods

     You may also create an Authentication Method when specifying the API Connection’s API Source.

  2. Click 'Create Authentication Method'

  3. Configure the Authentication Method

    • Provide a name and description
    • Select the Authentication Type matching your API’s requirements
    • Configure the type-specific settings detailed in sections below
    • Save the Authentication Method

  4. Add to API Connection

     In the API Connection’s API Source tab, select this Authentication Method for Sandbox or Production environments.

Basic Authentication

Basic authentication requires:

  • Username
  • Password

Custom Header

Custom headers add authentication data to API requests via HTTP headers. Common implementations include API keys and bearer tokens.

To configure a custom header, you need to:

  1. Optionally enable client authentication:
    • Enable if you need to reference values from the client in a header.
    • Set the client data validity duration.
    • Reference client data using {Auth.*}
  2. Header configuration:
    • Header Name (e.g., “Authorization”, “X-API-Key”)
    • Header Value (static value or dynamic client data)
      • e.g. {Auth.client_token}

OAuth

OAuth 2.0 provides delegated authorization flows. GenerativeAgent supports:

Required configuration:

  • Authorization Code reference

    This is the location within the client data that contains the authorization code.

    {Auth.authorization_code}

  • Client ID

  • Client secret

  • Token Request URL

  • Redirect URI

    You can use a variable from the client data for the redirect URI, e.g. {Auth.redirect_uri}.

  • How the client authentication data is passed

    • Basic Auth, or
    • Request Body
  • One or more headers to be added to the request.

    • Header Name

    • Header Value

      Use {OAuth.access_token} for the generated access token.

      You can also reference the client data in the header values, using the variable: {Auth.[auth_data_key]}.
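
To make the fields above concrete, the following added example (not ASAPP's code and not from the original page) models how an Authorization Code configuration maps onto a standard RFC 6749 token request, with client credentials passed either via Basic Auth or in the request body. It also resolves {Auth.*} and {OAuth.*} placeholders so that a missing key fails closed instead of sending a literal placeholder upstream. The function names, config keys, URLs and sample values are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import quote_plus, urlencode

PLACEHOLDER = re.compile(r"\{(Auth|OAuth)\.([A-Za-z0-9_]+)\}")

def render(template, auth, oauth=None):
    """Resolve {Auth.key} / {OAuth.key}; fail closed on an unknown key."""
    scopes = {"Auth": auth, "OAuth": oauth or {}}
    def sub(m):
        if m.group(2) not in scopes[m.group(1)]:
            raise KeyError(f"unresolved placeholder {m.group(0)}")
        return scopes[m.group(1)][m.group(2)]
    return PLACEHOLDER.sub(sub, template)

def build_token_request(cfg, auth):
    """Return (url, headers, body) for an authorization_code token request."""
    form = {
        "grant_type": "authorization_code",
        "code": render(cfg["authorization_code_ref"], auth),
        "redirect_uri": render(cfg["redirect_uri"], auth),
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if cfg["client_auth"] == "basic":
        # RFC 6749 2.3.1: form-encode id and secret, then Base64 "id:secret"
        pair = f'{quote_plus(cfg["client_id"])}:{quote_plus(cfg["client_secret"])}'
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif cfg["client_auth"] == "body":
        form["client_id"] = cfg["client_id"]
        form["client_secret"] = cfg["client_secret"]
    else:
        raise ValueError("client_auth must be 'basic' or 'body'")
    return cfg["token_url"], headers, urlencode(form)

# Constructed sample configuration and client data (placeholders, not real values)
CFG = {
    "authorization_code_ref": "{Auth.authorization_code}",
    "client_id": "example-client",
    "client_secret": "example-secret",
    "token_url": "https://idp.example.com/oauth/token",
    "redirect_uri": "{Auth.redirect_uri}",
    "client_auth": "basic",
}
AUTH = {"authorization_code": "code-123", "redirect_uri": "https://app.example.com/cb"}

if __name__ == "__main__":
    print(build_token_request(CFG, AUTH))
    print(render("Bearer {OAuth.access_token}", AUTH, {"access_token": "tok-abc"}))
```

In either mode the client secret appears in exactly one place (the Authorization header or the form body), which is worth confirming against what your token endpoint accepts before saving the Authentication Method.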

Client Authentication Data

Some authentication flows require dynamic data from the client:

  • OAuth authorization codes
  • User-specific API keys
  • Custom tokens

Client authentication data is provided through:

If you are using GenerativeAgent independently of ASAPP Messaging, this Auth data is passed via the /authenticate endpoint.

Client Authentication Session

Any authentication method that requires client data will store the auth data for the session.

If the underlying API returns a 401, we will require new client authentication data for the session. This is communicated in the GenerativeAgent event stream as an authenticationRequested event.

Custom Authentication Methods

If your API requires an authentication flow not supported by our default methods, we can work with you to create a custom solution.

Contact your ASAPP account team to discuss your custom authentication requirements. We’ll work with you to build and implement the solution.

Using Custom Authentication Methods

Custom authentication methods work the same way as standard methods:

  • They appear in your authentication method list
  • They can be selected when configuring API connections
  • They support both sandbox and production environments

Custom authentication methods are read-only configurations. To modify an existing custom authentication method, please work with your ASAPP account team.