REST OAuth2 Account

In this article

Overview

You can use this account type to connect REST Snaps with data sources that use OAuth2 authenticationWhen choosing between different authentication options for a REST API, we recommend you use the REST OAuth2 account instead of the REST In-memory OAuth2 account because of the flexibility and security features OAuth2 offers. Learn more about the differences between the REST In-memory OAuth2 Account Vs. REST OAuth2 Account.

Prerequisites

A valid Client ID, Client secret, OAuth2 endpoint, and OAuth2 token.

Limitations

None.

Account Settings

Field NameField TypeDescription
Label*String

Specify the name for the account. We recommend that you update the account name if there is more than one account of the same account type in your project.

Default Value: N/A
ExampleREST OAuth2 Account

Client ID*String

Specify the client ID associated with your account. You can create the client ID as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A
Examplep364e45x-953x-460p-9pb0-934xep16p693

Client secret*String

 The client secret associated with your account. You can create the client secret as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A
Example<Encrypted>

Access tokenString

Auto-generated after authorization. Specify the token that SnapLogic uses to make API requests on behalf of the user associated with the client ID.

Default Value: N/A
Example<Encrypted>

Refresh tokenString

Auto-generated after authorization. Specify the refresh token associated with your account. If the refresh token is stored, then the access token can be refreshed automatically before it expires.

You should retrieve the Refresh token when setting up the account for the endpoint, where the OAuth2 flow is executed and the resulting refresh token is stored in this field. If the refresh token is stored, then the access token can be refreshed automatically before it expires. 

Users who run Pipelines with REST Snaps using OAuth2 authentication should have read/write/execute permissions. If the user has only Execute permissions, a refresh of the OAuth2 token might prompt the user's credentials. For a workaround, you can give the user running the Pipeline Write access to the Assets referenced in the Pipeline.

In some REST endpoints, such as Google and Microsoft, the refresh token is not returned by the default parameters/scopes. For example, in an endpoint such as Google, to get the refresh token you need to set access_type=offline and prompt=consent.

Default Value: N/A
Example<Encrypted>

Access token expirationInteger

Auto-generated after authorization. Specify the access token expiration value, in seconds.

Default ValueCurrent Time + 3600 seconds
Example10000s

Header authenticated

Checkbox

Select this checkbox to indicate that the endpoint uses bearer header authentication.

Default Value: Deselected

OAuth2 Endpoint*

String

Specify the URL of the endpoint that authorizes the application. 

Default Value: N/A
Examplehttps://login.microsoftonline.com/common/oauth2/v2.0/authorize

OAuth2 Token


String

Specify the URL of the endpoint that retrieves the token for an authenticated account.

If you are using a REST OAuth2 Account, access the account token through account.access_token explicitly. The property must be marked as an expression. An example URL for LinkedIn is: "https://api.linkedin.com/v1/people/~?oauth2_access_token=" + account.access_token.

Default Value: N/A
Examplehttps://login.microsoftonline.com/common/oauth2/token

Grant Type

Select one of the following methods for authorization:

  • Authorization Code: The user is authenticated using credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.
  • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
  • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:
    • Username: Enter the username of the account type.
    • Password: Enter the password of the account type.

Default ValueAuthorization Code
Exampleclient_credentials

Token endpoint config

Use this field set to provide custom properties for the OAuth2 token endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Token endpoint parameter
  • Token endpoint parameter value

Token endpoint parameter

String

Define an optional token endpoint parameter.

Default Value: N/A

Token endpoint parameter valueString

Specify the value associated with the optional endpoint parameter defined above.

Default Value: N/A

Auth endpoint config

Use this field set to provide custom properties for the OAuth2 auth endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Auth endpoint parameter
  • Auth endpoint value

Snaplex

Default Value: N/A
Example: /snaplogic/shared/cloud

String

Specify the Snaplex path to be used for OAuth2 operations.

  • By default, SnapLogic automatically selects an available Snaplex. So, use this field only to handle specific scenarios, such as a network limitation.

  • If the specified Snaplex is not available or does not exist, the execution fails.

Authentication parameterString

Define an optional authorization endpoint parameter.

Default ValueN/A

Authentication parameter value


Default Value: N/A

String

Specify the value associated with the optional authorization endpoint parameter defined above.



Auto-refresh token


Default ValueDeselected

Checkbox

Select this checkbox to refresh the token automatically using the refresh token, if the property is enabled. If this property is deselected, the token expires and is not refreshed automatically.


Authorize


Button

Click this button to authorize the REST OAuth2 account using the credentials provided in the Client ID, Client Secret, OAuth2 Endpoint, and OAuth2 Token fields.


Send Client Data as Basic Auth Header


Default Value
Deselected

Checkbox

Select this checkbox to send the client information as a header to the OAuth endpoint.


Call-back DomainThe redirect URI must be set differently in the app that is created in the endpoint: https://<SnapLogic_POD_Name>/api/1/rest/admin/oauth2callback/rest

For example: "https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/rest" in the screenshot below:

After you click Authorize, SnapLogic sends your account details to the OAuth2 endpoint specified and populates the Access token, Refresh token, and Access token expiration fields using the details received from that endpoint.

REST In-memory OAuth2 Account Vs. REST OAuth2 Account

REST In-memory OAuth2 Account

REST OAuth2 Account

The REST In-memory OAuth2 Account supports only client_credentials Grant type.

The REST OAuth2 Account supports the following authorization Grant types:

  • client_credentials

  • password

  • authorization_code

The REST In-memory OAuth2 Account is suitable for scenarios where the access token expiration time is less than 30 minutes. This account type efficiently manages tokens within the pipeline and Snap, ensuring a more localized token handling approach.

The REST OAuth2 Account is suited for scenarios when access token expirations are 1 hour or longer. If the OAuth2 service supports refresh tokens, enabling the Auto Refresh token checkbox allows Snaplogic to pre-emptively refresh tokens automatically before their official expiration.

Troubleshooting

ErrorReasonResolution
One or more required field is blank

You click Authorize in the account dialog window, but one or more of the following fields is blank:

  • Label
  • Client ID
  • Client Secret
  • OAuth2 Endpoint
  • OAuth2 Token

Insert valid details into the following fields and click Authorize.

  • Label
  • Client ID
  • Client Secret
  • OAuth2 Endpoint
  • OAuth2 Token

You attempted to authorize your account, but authorization failed, because the following fields are empty:

  • Access token
  • Refresh token
  • Access expiration token

Snap Pack History

 Click to view/expand

​

Release

Snap Pack Version 

Date

Type

Updates

August 2024

main27765

 

Stable

Upgraded the org.json.json library from v20090211 to v20240303, which is fully backward compatible.

May 2024437patches26522 Latest

Enhanced the REST OAuth2 Account with Snaplex support for executing OAuth2 operations.

May 2024

main26341

 

Stable

Updated and certified against the current SnapLogic Platform release.

February 2024main25112 StableUpdated and certified against the current SnapLogic Platform release.
November 2023main23721 StableUpdated and certified against the current SnapLogic Platform release.

August 2023

main22460

 

Stable

Updated and certified against the current SnapLogic Platform release.

February 2023main21015 StableUpgraded with the latest SnapLogic Platform release.
February 2023432patches20054Latest

For Snaps using AWS Signature V4 accounts, DNS canonical names are now supported for S3 buckets. 

February 2023main19844 StableUpgraded with the latest SnapLogic Platform release.
November 2022main18944 StableUpgraded with the latest SnapLogic Platform release.
September 2022430patches17851 LatestThe REST Post Snap now works without displaying any errors when the Show all headers checkbox is selected and the Content-type is text/xml or application/xml.
August 2022430patches17684 Latest

The REST AWS Sig v4 Account is now enhanced with the AWS Region and Service Name fields that enable the Snap to support Virtual Private Cloud (VPC) endpoint.

August 2022main17386 Stable
  • You can set cookie policy specifications using the Cookie Policy dropdown list in REST Snaps .

  • Support for auto-retries where the REST Snaps automatically retry when they encounter 429 HTTP status code - Too Many Requests error.

  • The REST AWS Sig v4 Account supports:

    • Passing AWS Security Token Service (STS) temporary credentials in the Security Token field.

    • Expression values for Access-key ID and Secret Key fields.

  • Improved the performance of REST Snaps when the Snaps encounter Unauthorized (401) or Forbidden (403) errors even when the user credentials are available in the organization and the account type is OAuth2.

4.29  Patch

429patches17084

 Latest
 Learn more

Cookie Policy: The Cookie Policy to select from the following options:

BROWSER COMPATIBILITY: This policy is compatible with different servers even if they are not completely standards-compliant. If you are facing issues while parsing cookies, you should try using this policy.

IGNORE COOKIES: This cookie policy ignores all cookies. You should use this policy to prevent HTTP Client from accepting and sending cookies.

RFC STRICT: All servers that handle version 1 cookies should use this policy.

RFC LAX: The original cookie specification which formed the basis for RFC2109.

  • Added a new field Security Token in the REST AWS Sig v4 Account to support AWS Security Token Service (STS) for using temporary credentials.

  • Enhanced the REST AWS Sig v4 Account to support expression values for Access-key ID and Secret Key fields.

4.29  Patch429patches16076 Latest
  • Enhanced the REST Snaps with support for auto-retry where the Snap retries automatically when the Snap encounters 429 HTTP status code - Too many requests error.
  • Improved the performance of REST Snaps when the Snaps encountered errors due to Unauthorized (401) or Forbidden (403) statuses though the user credentials are available in the organization and the account type is OAuth2.
4.29main15993 Stable

Added the REST In-memory OAuth2 Account type with Client Credentials Grant Type that supports and stores the access token in memory for reuse until it expires. When the Snap encounters 401 or 403 errors, this account generates a new token after refreshing the cache.

4.28  Patch428patches15172 Latest

Fixed an issue that caused REST SSL accounts to fail when the username in the REST SSL Account was null and the Enhanced Encryption level was low, medium, or high.

4.28main14627 Stable
  • Enhanced the REST Post, REST Put, and REST Patch Snaps with the Multipart Type list to support multipart (files and text) upload.

  • Renamed the following fields:

    • Upload File(s) field set to Form Upload

    • Upload-file key to Multipart Key

    • Upload file to Multipart Value

4.27 Patch427patches12750 LatestEnhanced the REST Put Snap with the Upload Transfer Request Type field to support encoding of chunked transfer and calculating content length.
4.27main12989Stable and LatestFixed an issue in the REST OAuth2 account that caused a new feature, OAuth Password Grant Type to be excluded from the GA version. The latest deployed build includes this feature.

4.27

main12833

 

Stable

Enhanced REST OAuth2 accounts with a new option password for Grant Type to obtain an access token through user credentials. On selecting password, the Snap populates the Username and Password fields to enter the credentials.
4.26426patches12749Latest

Fixed an issue with the REST Post Snap, where the Snap delayed the fetching of documents, when the batch size is greater than or equal to one.

4.26426patches11746Latest

Enhanced the REST Post Snap to display all cookies (securedauth cookies and httponly cookies) from the CookieStore along with headers when you select the Show all headers checkbox.

4.26main11181 StableUpgraded with the latest SnapLogic Platform release.
4.25 Patch425patches10419 LatestFixed a memory leak issue in the REST Snap Pack
4.25 Patch425patches9929 LatestEnhanced the REST Snap Pack to support Proxy Authentication.
4.25 Patch425patches9684 Latest
  • Fixed the REST Post Snap that fails to correctly set the Content-Length header when working with multi-file uploads.
  • Added Send Client Data as Basic Auth Header check box to the OAuth2 and OAuth2 SSL accounts. This check box enables you to include and pass the client credentials information in the header when connecting to the OAuth endpoint.
  • Added a new account type REST AWS Sig V4 Account that adds the ability to call any AWS API.
4.25main9554 StableUpgraded with the latest SnapLogic Platform release.
4.24main8556 
StableUpgraded with the latest SnapLogic Platform release.
4.23main7430StableImproved the handling of expired access tokens in REST Snaps that use OAuth2 accounts (REST OAuth2 Account and REST OAuth2 SSL Account). The Snaps can refresh expired access tokens on-demand, through a request to the platform. The Snap reloads the account with the updated/fresh access token before attempting the next retry.
4.22 Patch422patches7103 StableEnhances the Snaps in REST Snap Pack by separating the retry logic for OAuth account from that of the Snap.
4.22main6403 Stable
  • Added a new account type, REST OAuth2 SSL, which enables support for the OAuth2 SSL authentication for REST Snaps with endpoints that require client certificates.
  • [Docs Update] Applied the enhanced doc template to the Snap Pack's documentation. Improves usability by enhancing Snap field descriptions, functional examples, and use cases. 
4.21 Patchrest8858-LatestFixed the REST Get and REST Post Snaps that does not parse Content-Encoding and Content-Type headers for gzipped responses.
4.21

snapsmrc542

-StableUpgraded with the latest SnapLogic Platform release.
4.20 Patchrest8798-LatestFixed the REST POST Snap that fails when a single file is uploaded in multi-part form using the Single file upload Snap settings.

4.20

snapsmrc535

-

Stable

  • The new Multipart related option in the Upload body type property in the REST Post Snap enables you to post files to the Google Drive API and retain the original names.
  • The REST Account now has a new Grant Type option called Client Credentials. This enables the Snap to obtain an access token to the client ID and client secret through the token endpoint URL.
4.19 Patchrest8374-Latest
  • Added a drop-down property Retry Policy to the REST Snaps to provide users with different retry options for connection and 4xx and 5xx error responses.
  • Fixed the REST GET Snap that limits the output to five documents, even when more output documents are expected.

Critical fix

If your current or new Pipelines with REST Snaps use the retry functionality, then we recommend you to use this latest patch version as subsequent GA releases may result in Pipeline executions failing. Else, you can continue using your existing Snap Pack version (stable distribution – snapsmrc528).

4.19snapsmrc528-Stable

Fixed a regression issue wherein REST Snaps are unable to handle empty XML responses when Show All Headers is enabled.

4.18

snapsmrc523-StableUpgraded with the latest SnapLogic Platform release.
4.15 Patchrest6310-Latest

Fixed an issue with the NLTM Rest account connection hanging infinitely.

4.15snapsmrc500-StableUpgraded with the latest SnapLogic Platform release.

4.14 Patch

rest6159-LatestFixed an issue wherein the REST GET and POST Snaps were infinitely trying to connect to endpoint even after pipeline execution abortion.
4.14 Patch

rest5782

-Latest

Fixed an issue wherein the REST POST Snap was not accepting any blank values from upstream Mapper Snap.

4.14 Patchrest5719-Latest

Fixed an issue where the Ultra task was not producing a valid response while acknowledging documents.

4.14

snapsmrc490

-StableUpgraded with the latest SnapLogic Platform release.

4.13 Patch

NA-Latest

REST POST Snap: New properties: Multipart Content-Type, and Filename to be used added.

4.13snapsmrc486-StableUpgraded with the latest SnapLogic Platform release.
4.12 Patchrest4917-Latest

Fixed an encoding issue with the REST Get Snap so that it uses the same encoding format (UTF-8) by default on all machines instead of using a different encoding format based on the machine's Operating System.

4.12 Patch rest4816-Latest

Fixed an issue that caused the REST OAuth accounts to fail when running in orgs with Enhanced encryption in Medium or higher level. 

4.12 Patchrest4781-Latest

Enhanced REST Post Snap to prevent it from encoding file names.

4.12snapsmrc480-Stable

Added Upload body type property to the REST Post Snap for processing the specified content type.

4.11 Patchrest4333-Latest

Added support for the Binary File Uploads with the REST POST Snap.

4.11snapsmrc465-Stable

Updated support of NTLM Account Authentication to the REST Snap Pack.

4.10 Patch rest4070-Latest

Resolved an issue with the REST GET Snap that often fails to exit properly. This should reduce or eliminate that problem.

4.10snapsmrc414-StableUpgraded with the latest SnapLogic Platform release.
4.9 Patchrest3177-Latest

Addressed an issue with REST Get displaying the authorization header in plain text

4.9 Patchrest3126-Latest

Added Connection timeout property to specify the number of seconds to wait before terminating a connection. The Timeout property has been renamed to Read timeout.

4.9.0snapsmrc405-StableUpgraded with the latest SnapLogic Platform release.
4.8.0snapsmrc398-StableUpgraded with the latest SnapLogic Platform release.
4.7.0 Patchrest2555-Latest
  • Addressed an issue in the REST Post Snap with the REST API not returning a full cookie response.
  • Added Show all headers setting to the show full cookie response for the Post, Put, Patch and Delete Snaps.
4.7.0 Patchrest2336-Latest

Resolved an issue with REST Get not handling multiple response cookies.

4.7.0 Patchrest2260-Latest

Added a new "Follow redirects" setting to toggle whether redirects should be followed (default behavior is to follow redirects)

4.7.0snapsmrc382-Stable
  • Updated Snaps in the REST Snap Pack with Response entity type field(The DEFAULT option under this property allows the backward compatibilityThe addition of the property will not affect the existing production pipelines and allows them to run as before).

  • Updated Snaps in the REST Snap Pack with Maximum request attempts and Retry request interval Upload fields.  

  • Updated the RESTPost Snap with Upload transfer request type field.

4.6.0 Patchrest1992-Latest

Resolved an issue where Rest Snaps failed to process the received response that is encoded in charsets such as Windows-1252. This fix will process the response purely based on the charset provided in the Content-Type header.

4.6.0snapsmrc362-StableUpgraded with the latest SnapLogic Platform release.
4.5.1rest1566-Latest
  • A new property was added to the REST Get Snap to specify the iteration interval for pagination.

  • All Snaps now have at most one input and one output view.

4.5.0snapsmrc344-StableUpgraded with the latest SnapLogic Platform release.
4.4.1NA-Latest

Resolved an issue with REST SSL Accounts with Username not send the Authorization header with the HTTP request.

4.4.0NA-Stable

REST Get now supports using parameters from an input document in the Next URL Setting.

4.3.1NA-Latest

Addressed a defect where REST GET Snap fails saying 'Scheme "http" not registered'

Fall Release 2015 (4.3.0)NA-Stable
  • Two-way SSL support was added to the REST account.

  • REST Get 

    • Now has support for iterating over additional result pages.

    • Header variables are now being updated for each input

  • REST Post

    • Improved error handling messages.

    • Resolved an issue with the Snap failing with "Failed to execute HTTP request" error.

September 5, 2015 (4.2.2)NA-Latest
  • Maximum retries and Retry interval support added.

  • Resolved an issue with using a REST Dynamic OAuth2 account with Facebook Graph API.

  • REST Account: REST SSL account added.

June 27, 2015 (2015.22)

NA-Latest

REST Get now allows you to have no output views. Previously, there was exactly one output view.

June 6, 2015 (2015.20)NA-Latest

Rest Post Snap now supports posting a file.

May 2, 2015

NA-Stable

REST: Output views made optional 

January 2015

NA-Stable

Optional Raw data property added to all REST Snaps. If selected, the HTTP response content is written to the output view as is. If not selected, it is parsed according to the content type specified in the response header.

October 18, 2014

NA-Stable
  • NEW! REST Patch Snap introduced in this release.

  • Addressed an issue where REST GET (and perhaps REST Snaps) error view does not include response body. 

Fall 2014

NA-Stable

REST Get: support added for gzip format.

June 30, 2014

NA-Stable

Addressed an issue with RestRequestExecutor class writing data into error views even on successful requests status code 201, 204.

May 2014

NA-StableREST Get, REST Post all updated to support input parameters in HTTP headers

July 2013

NA-Stable
  • NEW! REST Delete Snap introduced in this release.

  • NEW! REST Get Snap introduced in this release.

  • NEW! REST Post Snap introduced in this release.

  • NEW! REST Put Snap introduced in this release.


Related Content