Skip to main content

Introduction

Securely connecting your custom tools to external systems (like EHRs, CRMs, or calendars) is paramount. Authentication ensures that only authorized requests are made, protecting sensitive data. AlloMia provides options to configure standard authentication methods for your tools. This guide covers the common types available: API Key, Bearer Token, and Basic Authentication. Important Note: Always consult the API documentation of the external system you are integrating with to determine the required authentication method and specific details (header names, token formats, etc.).

Accessing Authentication Settings

When creating or editing a custom tool, navigate to its ‘Authentication’ tab or section. Here, you can select and configure the appropriate method.

Configuring API Key Authentication

API Keys are common for simpler authentication. They are essentially secret tokens that grant access.

1. Select ‘API Key’ Type:

Choose ‘API Key’ from the available authentication types.

2. Enter the API Key:

Securely paste the API key provided by the external system into the designated field. Treat this key like a password – keep it confidential.

3. Specify ‘Add to’ Location:

Determine how the API key should be sent with the request:
  • Request Header: This is the most common method. You’ll need to provide the exact Header Name the external API expects (e.g., Authorization, X-API-Key, x-api-token). Some systems might require a prefix before the key in the header (e.g., Bearer YOUR_API_KEY). If so, add the prefix (like Bearer including the space) in the designated prefix field or directly in the header value construction if only one field is provided.
  • Query Parameters: Less common for API keys. If required, specify the parameter name the API expects in the URL (e.g., api_key=YOUR_API_KEY).

4. Save Configuration:

Save the authentication settings for the tool.

Configuring Bearer Token Authentication

Bearer token authentication is commonly used with JWT (JSON Web Tokens) and other token-based authentication systems.

1. Select ‘Bearer’ Type:

Choose ‘Bearer Token’ from the authentication types.

2. Enter the Token:

Paste the token value provided by the external system into the designated field. The system will automatically add the ‘Bearer’ prefix when sending the token in the Authorization header.

3. Configure Token Placement:

Bearer tokens are typically sent in the Authorization header. The system will use the standard format: Authorization: Bearer your_token_here.

4. Save Configuration:

Save the authentication settings for your tool.

Configuring Basic Authentication

Basic Authentication uses username and password credentials encoded in base64 format.

1. Select ‘Basic Auth’ Type:

Choose ‘Basic Auth’ from the authentication types.

2. Enter Credentials:

Provide the username and password required by the external API in the designated fields. The system will handle the base64 encoding automatically.

3. Configure Authentication Header:

The system will automatically format and send your credentials in the standard format: Authorization: Basic base64(username:password).

4. Save Configuration:

Save the authentication settings for your tool.

Other Authentication Types

If the external system uses a different method (e.g., custom authentication schemes), you might need to configure it manually using the Request Header settings within the main tool configuration, potentially using tool variables to store credentials securely (though dedicated authentication methods are preferred).

Next Steps

With authentication configured, your tool should be able to securely connect to the external system. The next vital step is to thoroughly Test Your Tool to ensure the connection and data exchange work correctly.