Authentication Types
Authentication is the process of verifying the identity of a user, system, or application attempting to access a resource. In system integrations, it ensures that only authorized systems or users can securely exchange data between platforms.
Different systems and APIs adopt various authentication methods depending on their security needs, technical complexity, and usage scenarios.
Authentication Types in Studio
- OAuth 2.0
- OAuth 1.0
Authentication Types Comparison
| Type | Common Use Case | Required Credentials | Signature Method | Sent Via | Token Expiration |
|---|---|---|---|---|---|
| OAuth 2.0 | Modern secure integrations | Client ID/Secret, Token URLs, Scopes | — | Header | Yes |
| OAuth 1.0 | Older APIs needing request signing | Consumer Key/Secret, Token/Secret | HMAC-SHA256 RSA-SHA256 | Header/Params | Optional |
SSL / TLS (Advanced)
Some APIs commonly in banking, ZATCA, and government systems require a client certificate in addition to regular authentication. If your target system needs this, expand the SSL / TLS (Advanced) section and pick the certificate format the system expects:
PEM
Two separate files, a certificate and a private key, typically .pem, .crt, or .key.
PFX
A single bundled file (.pfx or .p12) protected by a password.
The actual certificate files are uploaded per Connection, so each client uses their own credentials under the same System.
Switching between PEM and PFX later doesn't break existing Connections, but each one will need to re-upload certificates in the new format the next time it's edited.
Related Topics