Authorization schemes

Authorization schemes can be applied to operations to set what kind of authorizations are required to use the operation. When there are schemes defined they can be applied to operations simply by clicking the "ADD" button:

You can also apply an authorization on all children of a given container by selecting the container and then right clicking on it and selecting "Authorization->Apply authorization to all children".

But first you have to define the schemes. There are three kinds of schemes that can be used.


OAuth2 is currently mainly for documentation purposes. There is no requirement to configure this, it will have no impact at runtime. If you import a swagger specification, that specification can contain this information, and it is good to keep track of. It certainly does not hurt to specify OAuth2.


REST API:s often require an API key. Typically it is sent either via a query parameter or as a header. You can specify this yourself on the operation, adding the query parameter or header manually. There certainly are cases when this is a good idea. One example is when you want the api key to be associated with the Flow user. You can then set the api key per flow user and in machine step do like this:

You can also set the parameter as a 'Constant', effectively hiding it from the workflow designer. But then the key is hard coded in the connector, which of course could be problematic.

If you want the API key to be configurable in connector configuration you have to apply an API key scheme on applicable operations. Start by creating a new API key:

Provide a Name for the API Key. This is how you want to identify the key. You can provide description for documentation purposes, but that is not required. "API key name" is required and is what the REST API expects the parameter name to be. Finally you have to define whether the key is sent as a query parameter or as a header.

Once the API key has been defined it can be applied to operations as described above.

Finally, after creating the connector, API keys can be set in connector config.

The key will then be applied to all operations that uses the scheme in runtime.

Basic authorization

Another common way for an API to authorize requests is by the use of The 'Basic' Authentication Scheme.

If the API requires this you must add that scheme to the project and apply it to all operations that should use it. There is nothing more to configure in REST Project Tool, all configuration is done in Flow Studio.

Either you set the username and password in the connector config:

Or you can leave it empty and define it per Flow user:

Last updated