Authentication

Three API authentication modes are supported in radical:

  • Basic
  • Key Based
  • Bearer JWT

Basic

In this mechanism, the client and the server agree on a preshared username and password, and the client passes the Base64-encoded username:password pair in the Authorization header of each API request.

Example header to be passed from the client:

Authorization: Basic base64encode(username:password)

Radical generates placeholders for the username and password environment variables; they can be set in the .env file or as environment variables:

  • AUTHENTICATION_USERNAME
  • AUTHENTICATION_PASSWORD

Key Based

In the key-based mechanism, the client and the server agree on a preshared key, and the client passes the key in a custom API key header, which the server checks on each request.

Example header to be passed from the client:

X-API-KEY: <preshared-key>

Radical generates a placeholder for the key's environment variable; it can be set in the .env file or as an environment variable:

AUTHENTICATION_API_KEY

Bearer JWT

Bearer JWT is recommended over Basic and Key Based: the bearer JWT scheme avoids sharing the same credentials with different users, and tokens have expiry built in.

What is required to obtain a bearer JWT?

  1. You need an identity provider such as Okta, Auth0, Keycloak or an equivalent vendor to issue a client ID and client secret.
  2. The client calls the identity provider's OAuth endpoint using the client credentials grant to obtain a bearer token. A bearer token is a base64-encoded token generated by the identity provider; the resource server, i.e. the custom APIs you build, can validate it.

Steps to validate the bearer JWT

  1. The resource server, i.e. the API you build with radical, needs to know the identity provider's JWKS endpoint. This is a public endpoint that provides the public key used to validate the authenticity of the token. The JWKS URL is mandatory for the bearer JWT validation scheme.
  2. Once the JWKS URL is available, go to the Settings tab and choose Bearer JWT as the authentication mode; you will be prompted for the JWKS URL and the JWT object structure.

A JWT has a rich payload that can include claims and other details about the user; you can provide a JSON document and import the schema from it.