Connector Configuration

What questions does this guide answer?

What Auth Types Moveworks supports for Creator Studio Connectors
How to configure those Auth Types
What Auth Types we don't support and how to engage with us if you need an unsupported Auth Type

Step 1: Connector Basic Info

For first time connecting to a system, set up a new connector with:

Name
Description
Base URL
Auth Config

Connector Configuration

Securely store credentials based on your auth type:

Step 2: Connector Auth Type Info

No Auth

Authorization details will not be included in a request sent by Moveworks unless you specify an authentication method. If your request does not need authorization, simply choose No Auth from the Auth Config dropdown list.

API Key Auth

API Key authentication entails sending an API key as a key-value pair when using API key authentication. This can be included either in the request headers or as query parameters.

To set this up, choose API Key from the Auth Config dropdown list.

API Key with `API Key Auth Auth Type` : `Header Auth`

API Key Header Config

Next, input your API Header Auth Key, Header Auth Value Pattern, and API Key into their respective fields.

Header Auth Key: This is the Header Key associated with your API key. In the example, it is set to 'Authorization'
Header Auth Value Pattern: This field allows for regex mapping of the API key value by using %s.
- For example, Bearer %s would send Bearer <YOUR API KEY> as the value in the API Request
API Key: This is where you input the actual API key value itself.

API Key with `API Key Auth Auth Type` : `Param Auth`

API Key Param Config

Next, input your API Header Auth Key, Header Auth Value Pattern, and API Key into their respective fields.

Param Auth Param Name: This is the Paramter Name associated with your API key. In the example, it is set to 'API_Key'
API Key: This is where you input the actual API key value itself.

Bearer Token Auth

Bearer tokens allow requests to be authenticated using an access key, like a JSON Web Token (JWT). This key is represented as a text string and should be included in the request header.

The Authorization header sends your Bearer Token prepended with the word 'Bearer' in the following format: Bearer <YOUR BEARER TOKEN>

To set this up, choose API Key from the Auth Config dropdown list.

API Key Header Config

Next, copy & paste the below info into your Connector config:

Header Auth Key: This field will be Authorization
Header Auth Value Pattern: This field will be Bearer %s
API Key: This is where you input the actual API key value itself.

info

If you want use another custom prefix besides 'Bearer', you can do so by following the same guidance and changing Header Auth Value Pattern to fit your needs.

Basic Auth

Basic authentication entails sending a validated username and password along with your request.

The Authorization header sends the API a Base64 encoded string that encapsulates your username and password values, preceded by the term 'Basic' in the following format: Basic Base64Encoded("<username>:<password>")

To set this up, choose Basic Auth from the Auth Config dropdown list.

Basic Auth Config

Next, input your API username and password into their respective fields.

OAuth 2.0 with `Grant Type` : `Client Credentials`

OAuth 2.0 with Client Credentials grant type entails sending a valid Client ID and Client Secret in exchange for an Access Token. This Access Token is then used in subsequent requests, usually as a Bearer Token, to authenticate the API Request.

To set this up, choose Oauth2 from the Auth Config dropdown list.

Required Info

OAuth 2.0 Client Credentials Basic Info

Oauth 2 Grant Type: This should be set to Client Credentials Grant
Client ID: This is where you input your actual Client ID value itself.
Client Secret: This is where you input your actual Client Secret value itself.
Client Credentials Grant Scope: This is where you can optionally input scopes associated with the OAuth credentials.
- Note: Multiple scopes are separated by a single space
Oauth2 Token Url: This is where you input the full token URL.

Additional Info

OAuth 2.0 Client Credentials Additional Info

Oauth2 Client Authentication: This can be left blank. Moveworks will try making the request with both Basic Auth and Request Body Auth by default.
Header Auth Key, Header Auth Value Pattern, Oauth2 Custom Grant Type, Oauth2 Custom Oauth Request Options Custom Grant Type, Oauth2 Custom Oauth Request Options Additional Headers should all be left blank.

If needed, you can leverage Oauth2 Custom Oauth Request Options Additional Request Data to send additional body data needed for the request.

data is sent in x-www-form-urlencoded format in the body like so:

Copy

Copied

curl --location 'URL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=abcd-1234' \
--data-urlencode 'client_secret=Kv12CQ9JppJ1gpGYgiPqek5mUHq8EGqOR5FTywdLIE' \
--data-urlencode 'Custom-body=abcde12345' \

OAuth 2.0 with `Grant Type` : `Refresh Token`

OAuth 2.0 with Refresh Token grant type entails sending a valid Client ID and Client Secret in exchange for an Access Token and a Refresh Token. This Access Token is then used in subsequent requests, usually as a Bearer Token, to authenticate the API Request. When this Access Token is expired, the Refresh Token is used to retrieve a new one from the token url.

To set this up, choose Oauth2 from the Auth Config dropdown list.

Required Info

OAuth 2.0 Client Credentials Basic Info

Oauth 2 Grant Type: This should be set to Refresh Token Grant
Client ID: This is where you input your actual Client ID value itself.
Client Secret: This is where you input your actual Client Secret value itself.
Refresh Token Grant Refresh Token: This is where you input your actual Refresh Token value itself.
Client Credentials Grant Scope: Leave this blank.
Oauth2 Token Url: This is where you input the full token URL.

Additional Info

OAuth 2.0 Client Credentials Additional Info

Oauth2 Client Authentication: This can be left blank. Moveworks will try making the request with both Basic Auth and Request Body Auth by default.
Header Auth Key, Header Auth Value Pattern, Oauth2 Custom Grant Type, Oauth2 Custom Oauth Request Options Custom Grant Type, Oauth2 Custom Oauth Request Options Additional Headers, and Oauth2 Custom Oauth Request Options Additional Request Data should all be left blank.

OAuth 2.0 with `Grant Type` : `Password Credentials`

OAuth 2.0 Password Credentials is an authentication method that allows a user to exchange their username and password for an Access Token. This Access Token can be used in subsequent requests to authenticate API calls, typically as a Bearer Token. When the Access Token expires, the user's credentials can be used to obtain a new one from the authorization server.

To set this up, choose Oauth2 from the Auth Config dropdown list.

Required Info

OAuth 2.0 Client Credentials Basic Info

Oauth 2 Grant Type: This should be set to Password Grant
Client ID: This is where you input your actual Client ID value itself.
Client Secret: This is where you input your actual Client Secret value itself.
Password Grant Username: This is where you input your actual Username value itself.
Password Grant Password: This is where you input your actual Password value itself.
Oauth2 Token Url: This is where you input the full token URL.

Additional Info

OAuth 2.0 Client Credentials Additional Info

Oauth2 Client Authentication: This can be left blank. Moveworks will try making the request with both Basic Auth and Request Body Auth by default.
Header Auth Key, Header Auth Value Pattern, Oauth2 Custom Grant Type, Oauth2 Custom Oauth Request Options Custom Grant Type should all be left blank.

If needed, you can leverage Oauth2 Custom Oauth Request Options Additional Headers to send additional Headers needed for the request.
- This is what your headers will look like:
  Copy
  Copied
```
Client-Id: XXX Client-Secret: YYY Username: AAA Password: BBB
```
  If you want to add any additional headers they'll get added to the headers:
  Copy
  Copied
```
Client-Id: XXX Client-Secret: YYY Username: AAA Password: BBB Customer-Header: Custom-Value
```

If needed, you can leverage Oauth2 Custom Oauth Request Options Additional Request Data to send additional body data needed for the request.

data is sent in x-www-form-urlencoded format in the body like so:

Copy

Copied

curl --location 'URL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=abcd-1234' \
--data-urlencode 'client_secret=Kv12CQ9JppJ1gpGYgiPqek5mUHq8EGqOR5FTywdLIE' \
--data-urlencode 'Custom-body=abcde12345' \

Auth Types Not Currently Supported:

info

If you need to use any of the below connectors for your use case, please reach out to support@moveworks.ai and our Product team will reach out to support you.

OAuth 2.0 - Grant Type: Authorization Code
OAuth 1.0
JWT Auth
Cookie Auth
Client Credentials Header Auth
PKI Auth
NTLM Auth

Connector Configuration

What questions does this guide answer?

Step 1: Connector Basic Info

Step 2: Connector Auth Type Info

No Auth

API Key Auth

API Key with API Key Auth Auth Type : Header Auth

API Key with API Key Auth Auth Type : Param Auth

Bearer Token Auth

info

Basic Auth

OAuth 2.0 with Grant Type : Client Credentials

Required Info

Additional Info

OAuth 2.0 with Grant Type : Refresh Token

Required Info

Additional Info

OAuth 2.0 with Grant Type : Password Credentials

Required Info

Additional Info

Auth Types Not Currently Supported:

info

API Key with `API Key Auth Auth Type` : `Header Auth`

API Key with `API Key Auth Auth Type` : `Param Auth`

OAuth 2.0 with `Grant Type` : `Client Credentials`

OAuth 2.0 with `Grant Type` : `Refresh Token`

OAuth 2.0 with `Grant Type` : `Password Credentials`