OAuth2 integration model with Digibee

Learn how to implement an OAuth2-based integration model to securely and efficiently authenticate and authorize connections.

This document presents an implementation model for the OAuth2 flow used for authentication and authorization in integrations carried out on the Digibee Integration Platform. The goal is to ensure secure access to protected APIs using access tokens and refresh tokens when applicable.

You will learn the standard implementation pattern of the OAuth2 authentication flow on Digibee, including:

  • Credential generation steps

  • Token retrieval

  • Token refresh

  • Credential removal

Important notes:

  • The pipeline must be configured with at least two simultaneous executions (Digibee Execution Config) to ensure the mechanism works correctly, since it performs a self-call to generate the token.

  • The OAuth2 flow follows the client_credentials authorization grant, suitable for system-to-system integrations without human interaction.

  • Token refresh is performed automatically before expiration, ensuring a valid token is always available for use.

Architecture

Overview

Diagram:

Pipeline:

Description

  • The pipelines implement a complete OAuth2 authentication flow, enabling:

    • Credential creation

    • Access token retrieval

    • Token refresh

    • Credential removal

  • The responsible pipeline can be triggered for the initial token generation, token refresh, or credential management, depending on the input parameters.

  • This mechanism can be reused by other business pipelines via event calls, APIs, or encapsulation in capsules.

Detailed flow

  1. Credential generation

    • Creates a clientId and clientSecret pair for future authentications.

  2. Token retrieval

    • Generates the access token (access_token) and the refresh_token.

  3. Token refresh

    • Renews the access token using the refresh_token before it expires.

  4. Credential removal

    • Deletes the credentials (clientId) from the authentication system.

Payloads

1. Credential generation

Request:

{
    "partnerId": "TestSystem",
    "executionType": "create",
    "apikey": "..."
}

Response:

{
    "clientId": "clientId",
    "clientSecret": "clientSecret"
}

2. Token retrieval

Request:

{
    "password": "clientSecret",
    "grant_type": "client_credentials",
    "username": "clientId"
}

Response:

{
    "token_type": "Bearer",
    "expires_in": 3600000,
    "ext_expires_in": 3600000,
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9..."
}

3. Token refresh

Request:

{
    "grant_type": "refresh_token",
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9..."
}

Response:

{
    "token_type": "Bearer",
    "expires_in": 3600000,
    "ext_expires_in": 3600000,
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9..."
}

4. Credential removal

Request:

{
    "clientId": "clientId",
    "executionType": "delete",
    "apikey": "..."
}

Response:

{
    "code": 200,
    "message": "Success when deleting client credentials for the clientId: clientId"
}
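The token retrieval and refresh steps above, as an added example that is not part of the Digibee documentation or platform: a small client-side token manager that sends the page's client_credentials and refresh_token payloads, caches the access_token, renews it a safety margin before expires_in runs out, and serialises renewals with a lock (the concern behind the simultaneous-executions note). The transport and the fake endpoint are assumptions constructed for offline use; expires_in is treated as seconds per RFC 6749, so adjust if the server returns milliseconds as the sample values suggest.

```python
import threading
import time

class OAuth2TokenManager:
    """Caches a client_credentials token and renews it before expiry via refresh_token."""
    def __init__(self, client_id, client_secret, send, margin=300, clock=time.time):
        self._client_id, self._client_secret = client_id, client_secret
        self._send, self._margin, self._clock = send, margin, clock  # send: POST payload, return JSON
        self._lock = threading.Lock()  # serialise renewals across concurrent executions
        self._access_token = self._refresh_token = None
        self._expires_at = 0.0

    def get_token(self):
        with self._lock:
            if self._access_token and self._clock() < self._expires_at - self._margin:
                return self._access_token  # still valid with the safety margin to spare
            resp = None
            if self._refresh_token:
                try:  # renew first; a rejected refresh_token falls back to full retrieval
                    resp = self._send({"grant_type": "refresh_token",
                                       "refresh_token": self._refresh_token})
                except Exception:
                    self._refresh_token = None
            if resp is None:
                resp = self._send({"password": self._client_secret,
                                   "grant_type": "client_credentials",
                                   "username": self._client_id})
            self._access_token = resp["access_token"]
            self._refresh_token = resp.get("refresh_token", self._refresh_token)
            # expires_in taken as seconds (RFC 6749); divide by 1000 if the server sends ms
            self._expires_at = self._clock() + float(resp["expires_in"])
            return self._access_token

def make_fake_endpoint():
    """Constructed stand-in for the token endpoint; records the grant of each call."""
    grants = []
    def send(payload):
        grants.append(payload["grant_type"])
        return {"token_type": "Bearer", "expires_in": 3600,
                "access_token": f"access-{len(grants)}", "refresh_token": f"refresh-{len(grants)}"}
    return send, grants

def demo():
    send, grants = make_fake_endpoint()
    now = [1000.0]  # controllable clock so expiry can be simulated offline
    mgr = OAuth2TokenManager("clientId", "clientSecret", send, clock=lambda: now[0])
    first = mgr.get_token()    # no token yet -> client_credentials grant
    cached = mgr.get_token()   # inside validity -> served from cache, no call
    now[0] += 3400             # 200 s before expiry, inside the 300 s margin
    return first, cached, mgr.get_token(), grants  # third call is a refresh_token grant
```

Business pipelines call get_token() on every request and never cache the Bearer value themselves, so the renewal point stays in one place.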