How does API Authentication work? - Autocode Documentation

How Does API Authentication Work?Many of the third-party APIs on Autocode require authentication. API authentication through Autocode is performed through the following steps:

Creating a Linked Resource, like a Stripe account, Shopify store, or Airtable base

Linking that resource to an Autocode Identity Token

Passing that Identity Token into calls to an API on Autocode

The other pages in this section will go into specifics around each step, but let's start by going through an example of how authentication works within an app in the Autocode editor.Creating a Linked ResourceStart typing await lib. in the Autocode editor and selecting an API provider from the dropdown that appears. We've used Slack in the example below:

Next, click the red button in the bottom of the editor that says 1 Account Required. You'll see a modal appear prompting you to link a resource for each API provider you're using in your endpoint. You can also select other providers from the dropdown if you'd like to create a Linked Resource for a different provider.

Once you press the link button, you'll be presented with a list of Linked Resources that you've previously created for that provider. To link a new one, press Link New Resource, and you'll see provider-specific instructions on how to create your resource, usually pasting in a API key or going through an OAuth flow. Follow the instructions, and you'll create a Linked Resource!Linking a Resource to an Identity TokenAutocode apps each have their own associated Identity Token, which is automatically generated on creation and finalized on deploy. It is accessible from your app's environment variables as process.env.STDLIB_SECRET_TOKEN. When creating Linked Resources through the editor, Autocode will automatically link the resource to the app's Identity Token, which means you're already set with this step!Passing Identity Tokens Into Autocode API CallsWhen creating new endpoints, you may have noticed a line like this at the top of your endpoint:const lib = require('lib')({token: process.env.STDLIB_SECRET_TOKEN});This imports lib, Autocode's SDK. By initializing lib with the app's associated Identity Token, API calls you make with lib will automatically pass the token properly (using the Authorization HTTP header). Autocode's gateway then supplies credentials into the API endpoint appropriately based on the Linked Resources associated with the passed token and the specific API you're calling, completing the authentication process.For example, the example below calls the messages.create endpoint within the slack/channels API on Standard Library while passing in an Identity Token. If that token has a linked Slack app, this call will use a stored Slack OAuth token to create a message from that app to the #general channel within the app's Slack workspace. Unlinking the Slack app would detach the app from the Identity, which means making the call again will result in an error.const lib = require('lib')({token: <your Identity Token value>}); let result = await lib.slack.channels.messages.create({ channel: '#general', text: 'According to all known laws of aviation...' });

It is extremely important to keep the value of your Identity Token secret.

Anyone with this value will have access to any resources you link to the Identity. If you suspect that the value of your Identity Token has fallen into the wrong hands, you should delete the token immediately by navigating to the Secret Tokens page on your Autocode dashboard. You can then create a new Identity Token with a new value and relink the appropriate Linked Resources.