Authentication and Token Management

Handling OAuth and API Keys

Automatic Token Refresh

When managing multiple connectors, Fiscus SDK provides seamless tools for handling OAuth and API key authentication. The goal is to abstract away the complexity of integrating different authentication methods for various APIs, allowing developers to focus on operations rather than managing authentication logic.

Handling OAuth for Connectors

OAuth is often required by services like Google, Salesforce, and Microsoft. Fiscus makes this process simple by providing built-in flows for managing OAuth authentication.

How OAuth Works with Connectors:

• User Authorization: The user grants permission to the connector (e.g., Gmail) to access their account.
• Access Token Management: Once the user consents, Fiscus manages the token exchange process to obtain an access token.
• Token Refresh: Fiscus automatically refreshes the token before it expires, ensuring uninterrupted access to the service.

Example: Authenticating a Connector with OAuth

To authenticate a connector using OAuth, such as Google, developers only need to pass the OAuth details. Fiscus handles the token generation and storage automatically.

Steps:

• Define the OAuth parameters, such as client ID, client secret, and the authorization code.
• Pass these to the connector when initializing the authentication.
• Fiscus will handle token refresh automatically once the token expires.

Example:

• You can use the following parameters when authenticating Gmail:
  • client_id
  • client_secret
  • authorization_code

This simplifies OAuth for the connector, leaving Fiscus to manage the token lifecycle.

API Key Authentication for Connectors

Many services, such as Stripe, AWS, or Twilio, rely on API keys for authentication. Fiscus enables API key management with the same ease as OAuth. After you authenticate the connector using the API key, Fiscus automatically handles requests without needing to pass the key repeatedly.

Example: Authenticating with an API Key

To authenticate connectors like Stripe:

• Pass the API key to the Fiscus SDK using the auth_params during authentication.
• Fiscus securely stores and uses the API key for all subsequent API calls, ensuring smooth integration with the service.

Once authenticated, the API key is used transparently for all API requests, eliminating the need for manual key handling in every operation.

Automatic Token Refresh for Connectors

For both OAuth and custom token-based connectors, Fiscus takes care of refreshing tokens before they expire. This ensures that API operations continue to run without interruption due to token expiration.

Built-In Token Refresh

• Fiscus tracks token expiration and automatically refreshes tokens for supported services like Google, Salesforce, or any OAuth-based API.
• Tokens are refreshed transparently, ensuring that users don’t experience interruptions when interacting with connected services.

Custom Token Refresh Logic

If you need to implement custom token refresh logic, Fiscus supports this through authentication callbacks. You can define how the token refresh should occur for specific connectors.

Example: Custom Token Refresh

For connectors that require custom token management:

• Developers can set up their own token refresh logic through the set_auth_callback method.
• This allows you to define custom behavior for refreshing tokens based on your infrastructure.

Managing Token Expiry and Security

Fiscus takes a security-first approach in handling tokens:

• Secure Storage: Tokens are securely stored, reducing the risk of exposure.
• Automatic Expiry Handling: Token expiration is monitored, and Fiscus refreshes them automatically or notifies the developer if re-authentication is required.

Wrapping Up Authentication and Token Management in Connectors

• Seamless OAuth Integration: Fiscus handles OAuth flows for major connectors like Google and Salesforce, simplifying access token management.
• API Key Security: Manage API keys easily with automatic key storage and usage across all connector operations.
• Automatic Token Refresh: Ensure uninterrupted API access with Fiscus’s built-in token refresh mechanisms.
• Custom Token Logic: Define your own token handling logic for non-standard connectors.
• Security and Scalability: Fiscus ensures secure, scalable management of authentication, with token expiry and refresh abstracted away from the developer.

By integrating Fiscus SDK, you can manage authentication across connectors easily, without needing to worry about handling tokens, API keys, or token refresh mechanisms manually. This allows developers to focus on building applications rather than managing API security.