OAuthToken Connection


OAuth 2.0 is an Authorization Framework and an open standard for access delegation that is used by a variety of HTTP service providers.This connection type provides an access token for an HTTP service using OAuth2 Standard. It can also be referenced in REST connections with authentication method “Token”, but there are some limitations.

With OAuth connections, one authorization request can be performed during execution and can be used for several subsequent REST calls.The result of this connection is JSON and can be consumed directly by a JSON extract.

Main settings
Token endpoint The URL for the source data, e.g. https://abc.example.com/resource
Authentication method
auth2ClientCredential Grant type “Client Credentials“. Requires 3 parameters:  client ID, client secret, and access token scope, described below.

Grant type “Resource Owner Password Credentials“. Requires 2 additional parameters: user name and password.

Client ID Client ID, a unique string representing the registration information provided by the client.
Client secret Client secret key known only to the application and the authorization server.  The secret key must be entered decoded, All required encodings will be done by our system.
Access token scope Optional specification of the scope of the access request. This value is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server.
Client authentication type


The client credentials are included in the request header, using the HTTP basic authentication scheme.
body The client credentials are included in the request body.
Advanced settings
SSL mode
verify checks the certificate; if response is OK, the certificate is validated.
trust imports the certificate to the keystore, if not yet available
off no SSL is used
Timeout (in s) The timeout of the web service request in seconds.
Ignore cookies policy

By default (unchecked), a warning (“Cookie rejected”) appears when the HTTP call breaks a cookie policy. For example, this can be caused by an incorrect domain in the set-cookie header. The OAuth connection will nevertheless return a result.

If the option is checked, the warning will not appear.