Connecting to REST with OAuth 2.0
OAuth 2.0 is an authorization protocol that allows applications to access user data from other services without sharing the user’s credentials. It enables users to securely grant limited access to their resources on one service to another application.
This connector allows you to configure static REST authenticated connections that you can reuse on other parts of the platform where a REST connection to the connected REST API service is required.
In this article:
- Connecting to REST with OAuth 2.0
- What is OAuth 2.0?
- Why is a Connection required?
- Adding a REST Connection
- Authenticating
- Adding an Auth Request Connection
- Adding an OAuth 2.0 Connection
What is OAuth 2.0?
OAuth 2.0, which stands for “Open Authorization,” is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization. OAuth 2.0 provides consented access and restricts the client app’s actions on resources on behalf of the user without ever sharing the user’s credentials.
Why is a Connection required?
A Connection is required to allow Forms On Fire to communicate with your OAuth 2.0 account before you can successfully add Form Connectors to push data or pull data with Data Source Connectors from other platforms.
- Rest Field
- Rest Form Connector
- Rest Data Source Connector
- Rest External User Connector
Adding a REST Connection
The Connected Data area of the platform is where you can add connections for connectors. Navigate the side menu to Connected Data > Connections.
On the Connections page:
- Click the ADD CONNECTION button in the top-right-hand corner to bring up a list of connections.
- Click on the REST option.
Authenticating
Once you’ve added the REST connection, you can configure either a regular Auth Request connection or an OAuth 2.0 connection that can be reused by any other form that requires the same connection.
You can select which authentication method your REST Connection will support by selecting the appropriate one, as shown in the screenshot above.
Adding an Auth Request Connection
This option allows you to configure a REST connection that utilizes either API key-based authentication, Basic authentication, or Token-based authentication. You can configure these authentication methods here for reuse on other forms or data source connectors you wish to use.
Target URL
Enter the request destination URL.
If you wish to substitute part of this URL with the Global Forms REST URL, you can use the {{GLOBAL}} placeholder. e.g. {{GLOBAL}}/api/endpoint
Headers
Provide custom request headers that will be included in all requests using this connection.
Body
When establishing authentication, provide the request payload to be sent with POST/PUT/PATCH requests.
You can insert values from the response of the Auth Request step ($response) into the body by using formula functions such as JSONVAL(), JSONLIST(), XMLVAL(), or XMLLIST().
e.g. {(JSONVAL($response, ‘path.to.property’))}
Using the above response in headers/query parameters below
The result from the REST step above is returned as $response for use in the connection headers and query parameters.
Access properties or lists of elements from JSON responses via the JSONVAL() and JSONLIST() formula functions.
Similarly, for XML responses, use XMLVAL() and XMLLIST().
e.g. {(JSONVAL($response, ‘path.to.property’))}
Query Parameters
Provide custom query parameters that will be included in the URL of all GET requests using this connection.
Adding an OAuth 2.0 Connection
Authentication URL
Enter the URL where users will be directed to authenticate. Example: https://some-service.example/oauth2/authorize
Auth Code Request
Add all the query parameters needed for a code request. We automatically add the response_type=code and redirect_uri parameters to the request.
Token URL
Enter the URL used to exchange the authorization code for an access token. Example: https://some-service.example/oauth2/token
Token Request
Add all the query parameters needed for a token request. We automatically add the request’s redirect_uri, grant_type=authorization_code, and code parameters.
Callaback URL
The REST service will call back to the URL once the authentication is successful.
https://secure.formsonfire.com/oauth2/restcallback
The OAuth2.0 access token will be included in headers automatically
An ‘Authorization: Bearer *****‘ header will be included in all requests using this connection
If your connection is authenticated successfully, the red block showing Cannot Connect will change to green and show Connected. At this point, your REST connection is ready to use on your forms and data sources.