Skip to Content

HTTP security provider in Jitterbit App Builder

The HTTP client security provider authenticates requests made to an HTTP data source such as Rest, OData, and App Builder connector services. The HTTP client security provider includes support for the following authentication types:

  • Anonymous Authentication
  • HTTP Basic Authentication
  • API Key
  • Bearer Token
  • Proxy Server
  • Delegated OAuth [DEPRECATED]

Common configuration

The following parameters are commonly supported by the various authentication types below.

Parameter Default Description
RequestHeaders Custom HTTP headers appended to all requests. The headers must be formatted according to RFC 7230. Line folding is not supported.
IgnoreTlsErrors False Instructs App Builder to ignore TLS certificate validation errors.

This setting is for setup and testing purposes only. Do not enable this setting on a running system.

In addition, each authentication type can be used in conjunction with mutual authentication.

Anonymous authentication

Anonymous authentication is used by default when a credential is not supplied and no other authentication type is selected. Anonymous authentication does not require any configuration. However, it can be explicitly enabled by associating the data source with a security provider that has an Authentication Type of Anonymous.

HTTP basic authentication

HTTP Basic Authentication is treated as a service account, meaning all App Builder users authenticate with the same credential. The credential (user name and password) is configured at the data source level.

HTTP Basic Authentication is enabled in one of two ways:

  1. Implicit. The credential is defined at the data source level and the data source is not associated with a security provider.
  2. Explicit. The credential is defined at the data source level and the data source is associated with a security provider that has an Authentication Type of Basic.

Credentials

Type Description
Password HTTP Basic Authentication user name and password.

API key

API Key authentication appends an HTTP header containing an API key. Example: X-API-Key: <api-key>

Credentials

Type Description
API Key API key used to authenticate HTTP requests.

Properties

Parameter Default Description
ApiKeyHeader X-API-Key Used with the API Key authentication type. Determines the HTTP header name.
ApiKeyQueryParameter Used with the API Key authentication type. Determines the HTTP query parameter name. When set, the API key is passed via the query string instead of the HTTP headers. For security reasons, passing the API key in the query string is generally discouraged.

Bearer token

Bearer Token sets the HTTP Authorization header scheme and token. Example: Authorization: Bearer <bearer-token>

Credentials

Type Description
Bearer Token Bearer token used to authenticate HTTP requests.

Properties

Parameter Default Description
AuthorizationScheme Bearer Determines the HTTP Authorization header's scheme.

Proxy server

Outbound HTTP requests can be routed through a proxy server. Proxy servers can add an extra layer of security, and in this scenario the proxy server acts as an intermediary between the App Builder and data server. The proxy server settings can be used in conjunction with all other authentication types.

Endpoints

Type Description
Proxy Server Absolute, proxy server URL, e.g., http://example.com:8888.

Credentials

Type Description
Proxy Password Proxy server user name and password. Whether the credentials are required depends on the proxy server.

Delegated OAuth

Delegates authentication to an OAuth security provider using the Authorization Code grant.

Caution

The Delegated OAuth authentication type is deprecated. It is supported for backwards compatibility only. You must associate the data source with the OAuth security provider directly.

Parameter Default Description
OAuthProvider Name of the App Builder OAuth security provider which will authorize the user.