OAuth, which stands for Open Authorization, is an open-standard authorization protocol or framework that enables third-party services to exchange our data without being given our username or password. OAuth is a delegated, open-standard authorization framework for REST APIs. It allows applications to acquire limited access to a user's data without being given the username and password.
OAuth does not share password data; instead it uses authorization tokens to prove an identity between consumers and service providers. OAuth is designed mainly to work with the Hypertext Transfer Protocol (HTTP): it allows access tokens to be issued to third-party clients by an authorization server.
For reference: https://auth0.com/docs/protocols/protocol-oauth2
The importance of OAuth
Securing Application Programming Interfaces (APIs) is very important from a business perspective because APIs have become key to programming web-based interactions. For example, businesses use APIs to connect services and pass data. If we have not addressed security vulnerabilities, there is a high possibility of data breaches, which would expose sensitive business data. By using OAuth authorization, we prevent malicious attacks on, or misuse of, APIs.
How OAuth works in Atomic Scope
First, OAuth works mainly on the basis of access tokens, and as of now we have implemented OAuth authentication only for the tracking activities APIs in Atomic Scope. If you are accessing Atomic Scope APIs from a different server, you can make use of this token-based authentication to post activities.
Since Atomic Scope is implemented with Windows authentication, only Windows users can access the application; from this version (V8) onwards, non-Windows users can also access the tracking activities by using an OAuth access token.
To access the tracking activities APIs with an OAuth access token, the user must send the access token in the request. Below are the steps to generate an OAuth access token and how to use it.
- In Postman, to generate an access token you must set the Authorization type to "NTLM Authentication [Beta]" with your username and password, as shown in the image below.
- In the Body section, choose x-www-form-urlencoded and set the grant_type key to the value password, as shown in the image below.
- Now send the request. Atomic Scope will validate the given credentials and, if they belong to a valid Windows user, will send a response as shown in the image below.
Only admin users can generate the token, using their Windows credentials inside the Atomic Scope installation server. Once the access token is generated, the admin user can give it to a non-Windows user to grant access to the tracking activities by means of the OAuth access token. Users can then access the tracking activities from third-party servers by using the OAuth access token instead of providing any username or password.
Below is the step to access the tracking activities by using an OAuth access token.
- To access the Atomic Scope Tracking APIs, set the Authorization type to Bearer Token and pass the generated token, as shown in the image below.
An access token has an expiry time of thirty days, so the generated token cannot be used after its expiry; a modified token will also not work. Once the access token has expired, you must ask the admin user to generate a new access token to get access to the tracking activities.
OAuth authentication can only be used to consume the trackingv2/activities route. No other Atomic Scope APIs can be accessed with this access token.
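To make the rules described above concrete (an admin obtains a token with grant_type=password, the consumer presents it as a Bearer token, tokens expire after thirty days, a modified token is rejected, and only the trackingv2/activities route accepts it), here is an added Python model of such a token service. It is example code written for this article, not Atomic Scope's own implementation: the HMAC-signed token format, the SERVER_KEY, the claim names and the function names are assumptions, and the page does not describe how Atomic Scope actually encodes or stores its tokens.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed server-side signing key for this example only (an assumption; the
# real product's token format and key handling are not described on the page).
SERVER_KEY = os.urandom(32)
TOKEN_LIFETIME = 30 * 24 * 3600           # tokens expire after thirty days
ALLOWED_ROUTE = "trackingv2/activities"   # the only route the token may consume


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(admin_user: str, is_admin: bool, grant_type: str, now=None):
    """Model of the token endpoint: only a Windows-authenticated admin user
    sending grant_type=password receives a token; everyone else gets None."""
    if grant_type != "password" or not is_admin:
        return None
    now = int(time.time() if now is None else now)
    claims = {"iss": admin_user, "scope": ALLOWED_ROUTE, "exp": now + TOKEN_LIFETIME}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def validate_token(token: str, route: str, now=None):
    """Model of the resource-side check: signature first (so a modified token
    is rejected before its claims are trusted), then expiry, then the route."""
    try:
        encoded_payload, encoded_tag = token.split(".")
        payload, tag = _unb64(encoded_payload), _unb64(encoded_tag)
    except Exception:
        return False, "malformed"
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "tampered"
    claims = json.loads(payload)
    now = int(time.time() if now is None else now)
    if now >= claims["exp"]:
        return False, "expired"
    if route != claims["scope"]:
        return False, "route not permitted"
    return True, "ok"


def bearer_headers(token: str) -> dict:
    """What the consumer sends instead of a username and password."""
    return {"Authorization": "Bearer " + token}


def authorize_request(headers: dict, route: str, now=None):
    """Extract the bearer token from an incoming request and validate it."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False, "missing bearer token"
    return validate_token(auth[len("Bearer "):], route, now)


if __name__ == "__main__":
    token = issue_token("CORP\\admin", is_admin=True, grant_type="password")
    print(authorize_request(bearer_headers(token), ALLOWED_ROUTE))   # (True, 'ok')
    print(authorize_request(bearer_headers(token), "api/other"))     # route not permitted
```

The signature is checked with a constant-time comparison before any claim is read, the expiry is enforced on the server with its own clock rather than trusted from the client, and the route restriction is carried inside the signed claims so a token cannot be repurposed for another API. Compare the three negative outcomes (tampered, expired, wrong route) with the behaviour the sections above describe for Atomic Scope.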
Atomic Scope is implemented with the Windows authentication mechanism, which means only Windows users can access the application inside the Atomic Scope installation server with their Windows credentials. Since tracking activities are the core functionality in Atomic Scope, a few customers requested an API authentication mechanism so that they do not need to access the tracking activities from the Windows server on which Atomic Scope is installed.
From V8, users can access the tracking activities via a third-party service without providing Windows credentials. In earlier versions only Windows users could access the tracking activities; now, with the implementation of OAuth authentication, non-Windows users can also access them by presenting the generated OAuth access token, so this is a very useful feature for non-Windows users.
In this article, we have given you an overview of OAuth authentication and provided some guidelines about its usage. On top of that, we have also briefly explained how an OAuth access token can help you to access tracking activities from different servers without providing Windows credentials.
Do you want to know more about Atomic Scope? Feel free to reach out to us at firstname.lastname@example.org to have an open conversation, without any obligations. We would also be happy to show you the product during a demo. Alternatively, you could try the product yourself by taking a free trial for a limited time.