The Connector also supports communication with protected data-sources and data-sinks. The following combinations are possible:
Data-Source: OAuth2 + API-Key protected APIs for HttpData.
Data-Sink: Only API-Keys can be used for HttpData.
The following properties can be used within the dataAddress array or respectively the dataDestination array.
OAuth 2.0
In the newest Connector versions, you are able to manage the secrets yourself via the Management-API. If you are not yet on the newest version and want to use OAuth 2.0, please create a Ticket in the Service Desk. We need to add your secret combined with a secret-alias to our vault; the secret-alias can then be used as the value of `clientSecretKey`.
oauth2:tokenUrl -> token URL where the access-token can be fetched from
oauth2:clientId -> the client ID
oauth2:clientSecretKey -> the secret-alias in our vault holding the secret (see underlined note)
oauth2:scope -> (optional) the requested scope
The only supported OAuth2 flow right now is the Client Credentials flow.
authCode -> optional authentication value, such as the actual API key
Data-Sources
The data-source settings must be set when the asset is created.
Via the UI
To provide data from an OAuth2 protected API using the EDC UI, an asset with the following Custom Datasource Config (JSON) can be created, which is essentially equal to the dataAddress array for the Management-API (see below):
The data-sink settings must be entered when initiating the transfer.
Initiating Transfer via UI
To start a transfer to an API-Key protected API using the EDC UI, a transfer with the following Custom Datasink Config (JSON) type can be started, which is basically equal to the dataDestination array in the body for the Management-API:
Additional individual headers for the data-source or data-sink can be added as desired in the corresponding areas of the dataAddress (data-source) and/or dataDestination (data-sink) of the API-calls. To do this, the following combination must be inserted in the appropriate places in the API-Calls:
Currently, with the HttpData-Pull EDR-flow and the use of API-keys, these API-keys cannot be added dynamically when initiating the transfer. For this, our infrastructure team must store the desired combination of target URL and API-key (auth-key and auth-code) for your Connector in our infrastructure. Please contact our support team to do this in advance.
