Configuring each account type
Learn more about the configuration of the account types used within the Digibee Integration Platform.
There are different types of accounts, such as AWS V4, Basic, Public Key, Secret Key, OAuth 2, and API Key. They can be configured and stored with the Store Account connector without interrupting execution. Below you will learn how to configure each of these accounts.
Accounts accept values that have up to 10,000 characters.
Account types
API Key
API Key storage for endpoints that need an API Key.
URL-PARAM-NAME: Name of the query parameter in which the configured API Key will be sent
API-KEY: API Key value
Basic
User/password authentication.
USERNAME: User's name
PASSWORD: User's password
Custom Auth Header
Custom authentication header for specific endpoints.
HEADER-NAME: Header name
HEADER-VALUE: Header value
OAuth Bearer
Storage for OAuth-type tokens. The token will be assigned to the "Authorization" parameter in the request header.
TOKEN: OAuth token
Private Key
Storage for private keys.
KEY: Private key
PASSPHRASE: Private key password
Public Key
Storage for public keys.
KEY: Public key
OAuth 2
Authorization via the OAuth pattern, which is commonly used to allow Internet users to log in to other websites using their accounts with Google, Microsoft, etc., without revealing their passwords.
OAuth gives them "delegated secure access" to server resources on behalf of the resource owner.
PROVIDER: OAuth provider
SCOPES: OAuth access scopes
Certificate Chain
Chain of certificates for endpoints that need 2-way SSL authentication or client certificates. (The certificate chain must be provided in the correct order and in PEM format.)
CHAIN: complete chain of certificates
PASSWORD: Private key password (if needed)
Secret Key
Used for encryption connectors.
KEY: Secret key
Google Key
Service key for Google APIs.
KEY: Google key
SCOPES: Scopes for API access (comma-separated).
Kerberos
Keytab storage for Kerberos authentication.
KEYTAB: Base64 of Keytab file
PRINCIPAL: User associated with the Keytab (e.g., user@DOMAIN)
AWS V4
For AWS service access.
SERVICE-NAME: Service to be accessed (e.g., S3, SQS)
ACCESS-KEY: AWS access key
SECRET-KEY: AWS secret key
SESSION-TOKEN: AWS session token (when using temporary credentials)
REGION: Execution region
OAuth Provider
Authorization via the OAuth pattern that is usually used to log in to web applications. It can only be used for the Salesforce connector.
CLIENT-ID: the identifier associated with an application
CLIENT-SECRET: the secret associated with an application
SMTP Auth and Props
For Mail Connector, providing SMTP server access data to send emails.
HOST: SMTP server host name
PORT: SMTP server access port
USERNAME: User's email
PASSWORD: Email password
STARTTLS_ENABLE: "true" or "false" for SSL access
AUTH: Email server authentication type
NTLM
NTLM (NT LAN Manager) is a suite of Microsoft security protocols for authentication, integrity, and confidentiality, which can be accessed via the SOAP V3 connector. Alert: A vulnerability in NTLM was found due to outdated encryption (DES, RC4), exposing systems to attacks such as brute force and Pass-the-Hash. Digibee recommends that you disable NTLM, adopt secure protocols such as Kerberos, and enforce stronger security policies.
USERNAME: User's name
PASSWORD: User's password
DOMAIN (optional): Domain name
HOSTNAME (optional): Host name
AWS Role
Used to specify an AWS role to be assumed by a user configured in an AWS V4 account.
The AWS Role account can currently only be used in the DynamoDB connector.
ROLE-ARN: The Amazon Resource Name of the role.
ROLE-SESSION-NAME: The name that identifies the assume role session.
EXTERNAL-ID: An optional identifier required for cross-account operations to assume the role.
Azure Key
Used to connect to Azure Key Vault services on Microsoft Azure.
All keys can be found in the Default Directory within the App Registrations section. The CLIENT-ID and TENANT-ID are available on the app Overview, while the CLIENT-SECRET is within Certificates & secrets.
CLIENT-SECRET: The client secret.
CLIENT-ID: The Application (client) ID.
TENANT-ID: The Directory (tenant) ID linked to the Azure Default Directory.
Information and examples
Below is important information about some account types, along with some examples:
Information
AWS Role
The AWS Role account grants an AWS user temporary access to a specific role created in AWS. To use this feature, an AWS V4 account must be configured.
Once both account types are configured correctly, they can be used together in connectors that support the assume role feature.
Currently, only the DynamoDB connector supports this feature.
Example:
Suppose you are using the DynamoDB connector and you want a specific user to access a database to retrieve some data. You don’t want this user to always have access to this database or to perform any other operations on it. In this case, you can configure a role in AWS and allow the user to temporarily assume this role to retrieve the necessary data from the database.
To achieve this, select the AWS V4 account you want to use in the DynamoDB connector and activate the Use Assume Role parameter on the Authentication tab. When this option is active, you can select the AWS Role account that grants the user permission to perform the desired operation.
Within AWS, you must configure the AWS users who can access the role. If this configuration is not set correctly, the user of the selected AWS V4 account won’t be able to assume the role, even if both the AWS V4 and AWS Role accounts are selected in the connector.
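The AWS-side configuration mentioned above is the role's trust policy. As an added example (not Digibee or AWS code), this simplified evaluator reports whether the AWS V4 user and EXTERNAL-ID would satisfy a trust policy. The policy, account ID, user name and external ID are constructed placeholders, and only Principal.AWS, the exact sts:AssumeRole action and a StringEquals condition on sts:ExternalId are modelled.

```python
import json

# Constructed trust policy; account ID, user and external ID are placeholders.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/integration-user"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, user_arn):
    if principal == "*":
        return True
    account = user_arn.split(":")[4]
    # An account ID or its :root ARN trusts every identity in that account.
    trusted = (user_arn, account, f"arn:aws:iam::{account}:root", "*")
    return any(p in trusted for p in _as_list(principal.get("AWS", [])))

def check_assume_role(policy, user_arn, external_id=None):
    """Return (allowed, reason) for user_arn calling sts:AssumeRole on the role."""
    allowed, reason = False, "no Allow statement trusts this user"
    for stmt in _as_list(policy["Statement"]):
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        if not _principal_matches(stmt.get("Principal", {}), user_arn):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if wanted is not None and external_id not in _as_list(wanted):
            if stmt["Effect"] == "Allow":
                reason = "EXTERNAL-ID does not satisfy the sts:ExternalId condition"
            continue
        if stmt["Effect"] == "Deny":
            return False, "an explicit Deny statement matches"
        allowed = True
    return (True, "allowed") if allowed else (False, reason)

USER = "arn:aws:iam::111122223333:user/integration-user"
print(check_assume_role(TRUST_POLICY, USER, "example-external-id"))
print(check_assume_role(TRUST_POLICY, USER))
```

A real evaluation also depends on the user's own IAM permissions and on other condition keys, which this sketch does not model.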
OAuth 2
Important: We support the following providers:
Microsoft: the "offline_access" scope is mandatory to use it in the Digibee Integration Platform. It is important to remember that this provider accepts only personal accounts.
Google.
Mercado Livre.
API Key
Important: The following providers set an expiration period for their authentication tokens. For this reason, it is necessary to update the configurations of your Accounts at the end of every period.
Microsoft: Every 3 months
Google: Every 6 months
Mercado Livre: Every 6 months
Certificate Chain
To convert your key, you can use OpenSSL on the command line, e.g.:
openssl pkcs12 -in mycert_xpto.p12 -out myapp.pem
Examples
Private Key
Public Key
Certificate Chain
Google Key