Connect and authenticate with an API
Some services or data sources require you authenticate Identifying the requestor of the API using techniques such as a username and password, an API key, or OAuth2.0. to their system in order to perform operations A single request to a third-party API. Operations often become actions in the workflow designer.. The types of authentication accepted by the API A programming interface that defines how software can be interacted with by other software. is declared in the OpenAPI Specification A standard, language-agnostic description of RESTful APIs that can be read by both humans and machines. Formerly known as Swagger., in the security object. The authentication methods supported by Nintex Xtensions are:
- no authentication
- basic authentication Identifying the API requestor using a username and password passed in the HTTP header.
- API key authentication An authorization code passed in an API request, either inside the header or as a parameter, to identify the requester.
- OAuth2.0 A two-step authorization protocol that both identifies the requestor, and allows a user to grant access to a third-party account without revealing their credentials to the requesting software.
You can also define additional properties to be specified when the connection is created, and use the same security credentials with other hosts or basePaths in individual operations.
Authentication for Xtensions A set of instructions for Nintex Automation Cloud to use third-party API functionality with Nintex workflows. An Xtension may include workflow actions, start events, forms or file control. consists of three components:
Security objects are defined within a securityDefinitions object, and then referenced inside the HTTP method object of every operation that requires authentication. They declare which authentication method an operation should use, if any.
Note: Nintex Xtensions only supports one authentication type per OpenAPI Specification. If the API you want to import supports multiple authentication methods, select one to use in your OpenAPI Specification.
Security templates record any additional security information required while importing the Xtension into Nintex Automation Cloud, such as the client ID and shared secret for OAuth2 authentication.
Nintex Automation Cloud automatically provides the correct security template for the authentication type defined in the OpenAPI Specification.
In Nintex Automation Cloud, authentication credentials for both Nintex connectors and Xtension are stored in connections The stored authorization credentials for a connector.. If a connector requires authentication, workflow designers must create a connection before they can use the actions A task that can be performed or triggered within a workflow, such as moving a file, sending an email, or using third-party API functionality.. Nintex Automation Cloud detects the method of authentication declared in the OpenAPI Specification, and provides the correct fields required to establish the connection.
For Xtensions, a connection can be created while configuring the action.
See Create a connection.
If you are creating an Xtension for an on-premises application, we recommend using Nintex Gateway to handle secure connections. If you are not using Nintex Gateway, you may need to configure your firewall to allow IP addresses related to Xtensions and Nintex Automation Cloud. See the Nintex platform allowlist.
- Authenticate with a username and password: Basic authentication.
- Authenticate with an API key: API key authentication.
- Authenticate using the accessCode OAuth2.0 authentication flow: OAuth 2.0 authentication.
- Validate connections when they're created: x-ntx-connection-validation.
- Collect custom properties when the connection is created: x-ntx-connection-properties.
- Use the same security credentials with a different host for specific operations: x-ntx-host.
- Use the same security credentials with a different basePath for specific operations: x-ntx-basePath.
- Integrate with an on-premises application via Nintex Gateway: Integrate on-premises applications via Nintex Gateway.
Create a new GitHub repository and post an issue using Basic authentication.
Use API key authentication to convert currency and create an automatic international purchase approval workflow.
Use OAuth2 authentication to create a new task list in the Google Tasks of the connected user.