When creating auths, a lot of OAuth2 services will present a list of scopes as checkboxes, and include and 'Extra permissions' box to allow you to enter any extra scopes required:
Others will simply present you with a permission scopes box to allow you to enter any necessary scopes:
Within the main Tray dashboard click on the Authentications section. Click Create new authentication.
Here you will have two options. Do you want to authenticate with a prebuilt service or connect to a custom API:
Some API's prefer to use Bearer Tokens as a means for validation. Such as Airtable.
All you need do is add your token to the form when the property is presented:
APIs that use OAuth or OAuth2 display a more complex box. From here you can reduce the permission 'scopes'.
Be careful - reducing the scopes might prevent the connector from functioning properly (required scopes are described in individual connector docs).
Please take note that every connector authentication window is unique! There are many variables involved that are dependant on the service's own requirements and API calls.
Individual service connector documentation gives more specific details on how to set up a connector's authentication.
PLEASE NOTE: Tray does support OAuth (or OAuth 1) authentications, we simply don't recommend them due to the security risk they might impose.
Tray can also support certificate-based authentications. Please contact us if you need a custom certificate-based authentication built for your service.
Once created, you can edit the basic details of the authentications you have provided you have the right access levels.
This includes the name of the authentication and the workspace it is part of.
You can change the settings and access of authentications created previously - i.e. the parameters you gave said authentication earlier or when it was originally created.
From the 'Authentications' section of the main dashboard next to the authentication in question, select the 'Settings' option from the 'Options' icon.
This step will ask you to re-authenticate as all changes and access to your tools will have to be verified.
You can also edit the actual authentication credentials itself, such as:
The custom domain of the app.
The API key associated with the app.
The OAuth scopes (i.e. specific 'read/write' permissions to different parts of the service).
Note that when doing this:
Changes you make will override existing values.
Previously-saved sensitive authentication information will not be displayed.
If you need to connect to a third party service (for when there is no pre-existing Tray connector) there are three ways in which you can do this:
Generic Service Authentication - (token based authentications)
Create a new service and auth (via the HTTP client or authentications dashboard)
Create a new service only (for which authentications can later be made)
You cannot use Generic Service Authentication with complex token-based and Oauth-based authentications. In such cases, we recommend creating a new service.
Consider a scenario where you want to launch a modal in slack when a /test-referral command is fired in Slack. To launch the modal you need to use an HTTP Client connector.
To authenticate the HTTP Client with the required Slack app you can use the Generic Service authentication method.
For security purposes, be careful when you create a Generic service auth in an organization workspace as it will be accessible to everyone in your organisation.
This method is useful for any third party service that uses token auths (example: Basic auth).
Apart from this, you can also use generics service auth for:
Webhook trigger - to securely store a CSRF token
File helpers - to secure any credentials that maybe used in a file http request header.
and any connector that may want to have sensitive data passed externally.
Follow the step by step guide below to add Generic service auth in HTTP Client connector:
There are essentially two routes for doing this.
Go to your Personal workspace and select the main Tray Authentications tab. Click 'Create new authentication'.
Note that you will not be able to create an authentication AND a service at the same time within any other workspace.
The other route is via the HTTP connector within the builder itself.
See the Custom Services page for more details on what can be done with the HTTP connector.
To reference a service when creating an authentication with the HTTP Client you can for example, choose a name for your auth token and then enter the actual token value.
This auth token can then be used in your API call (for example, as a parameter) by including the path $.auth.token_name
.
Please see the Custom Services guide for an illustration of how this generic approach works.