Different data sources use different authentication methods in order to allow access to their data. For Skyvia users, these authentication methods have differences in what parameters are required to create a connection and how to obtain them, what parameters are entered and stored on Skyvia. There are also internal differences on which steps Skyvia performs and how it authenticates using the data source API, but they are transparent for Skyvia users.
Here are the most common authentication methods used by data sources:
- OAuth 1 or 2
- API key or secret
- User name and password
Some data sources support multiple authentication methods or use different methods with different API versions. In such cases Skyvia allows you to select the authentication method to use.
OAuth authentication is used by many cloud applications and services. When creating a connection with OAuth authentication, Skyvia redirects you to the corresponding cloud service page. You sign in on this cloud service page, not on Skyvia’s, and Skyvia does not have access to the credentials entered.
After you sign in, some applications allow you to also specify the access rights that will be provided to this connection and some will only ask whether you allow access. When you confirm access, the application generates an OAuth token that grants access. This token is stored on Skyvia and is used to gain access to data source data.
For example, let’s look at Salesforce connection creation. Salesforce supports multiple authentication methods, and OAuth 2.0 is selected by default.
So you just click the Web Login button, and a new browser window opens, which prompts you to sign in to Salesforce.
Note the address bar in this new browser window - it starts with login.salesforce.com. This means that you are entering your credentials on the Salesforce page, not on Skyvia’s. In this case Skyvia does not have access to your credentials at all. It only stores an automatically generated token in the connection settings.
Please note that OAuth token may expire or be revoked with time, and your OAuth connection may become invalid. For example, if you see an error like “expired access/refresh token”, this means that you need to edit your connection and perform the procedure of signing in and granting access again.
API Key or Secret
This authentication is another way of granting access to data source APIs without providing actual credentials. In this case, the data source generates an API key or a set of parameters which you need to enter in the Skyvia’s connection editor.
So first you go to your cloud app, obtain or generate the required API key there, and then enter them into Skyvia’s connection editor. The key is usually found in the integrations settings or somewhere like this.
For example, in Freshdesk, you can find your API key by clicking your profile icon and then the Profile settings link. Then you can see your API key in the upper right part of the Profile settings page.
Then you simply copy this key and paste it to the Skyvia connection editor.
As well as in the previous case, your login and password are neither accessed by nor stored on Skyvia.
User Name and Password Authentication
There are actually multiple kinds of authentications that require username and password. There is the HTTP Basic authentication when username and password are sent with every request, or authentication, used by databases, when username and password are sent when establishing a session, and then this session can be used for executing multiple commands. From the Skyvia user’s point of view, they are similar in that they require your data source credentials specified and stored in the connection settings.
Skyvia stores the necessary connection parameters encrypted using AES 256-bit encryption, so you don’t need to worry about their security. Our employees don’t have access to connection strings of our users.
Such authentication is used for databases, like Oracle, MySQL, PostgreSQL, SQL Server.
Some cloud sources, like Salesforce, also support it. For Salesforce, you can select either OAuth 2.0 or User Name & Password authentication. However, in order to use the latter, you also need the Security token, which you can generate in your Salesforce settings.
Other Ways of Authentication
Some data sources may use different authentication methods. Several data sources require creating an API account or registering an integration record in the data source settings in order to obtain the required parameters. In some cases this procedure is used for obtaining an OAuth token instead of performing a sign in to a cloud app. In any case, you can find the information about the required connection parameters for each specific data source either in our documentation, in the Connectors section or in the documentation of a specific data source.