As we guide customers on their futurization journeys and build products to support them, the Profound Logic team knows that our solutions need to be secure and flexible. We see more customers integrating APIs into their application landscape every day. Whether integrating with a Profound.js frontend or any other framework, API calls need to be properly authenticated to ensure that users only access APIs that they are authorized to consume. Profound API has always provided multiple methods to authenticate users. With the release of version 7 of Profound API, we have expanded our authentication options by adding OAuth 2.0 support for authorizing access to APIs.
What is OAuth 2.0?
OAuth 2.0 is an industry standard way to allow applications and websites to access resources, in our case APIs, on behalf of a user. What does that mean exactly? It means that authentication of a user happens on a different server or service. That could be an internal server that handles authentication or an external service such as Google, Microsoft, GitHub, Facebook, and many others. Once the user is authenticated, the application is given an access token to be used to identify the user and a refresh token to get a new access token when the old one expires. The access token is provided when APIs are called, and Profound API uses that token to contact the OAuth provider and validate the user.
An easy way to envision this type of environment is to think of a secure building. The security staff ensures that you are who you say you are. The security staff is the OAuth provider. Once they are sure, they issue you an id badge. The badge is your access token. You can now use that id badge to open secure doors in the building. You scan your badge, and the card reader makes a request to the security system to validate the badge and if you can open that door. This means that the building does not need a security guard at every door. It also means that your badge can be disabled by the security staff at any time if your access needs to be revoked.
Profound API OAuth 2.0 Support
Starting with version 7.0.0, Profound API has the ability to accept an OAuth token and validate it against a configured OAuth provider to identify a user. That user is then used to check Profound APIs built in access controls to ensure that the user is authorized to access the requested API route.
To tie this feature back to our secure building example, the API routes are the secure rooms and Profound API now has badge readers. This support will allow customers to use their existing OAuth authentication within their applications to identify users when calling APIs in Profound API without storing credentials or API keys on devices or in databases. Once configured, consuming APIs created with Profound API is simple and secure.
You can find out how to configure OAuth 2.0 support and how to install an example workspace in Profound API in our documentation.
Share this blog with your social network