Integrations
Credentials
Credentials allow you to securely save and reuse any credentials or tokens used to authenticate outgoing webhooks or Send Request steps within your Action Flows.
Adding credentials
- Go to: Configuration > Integrations > Credentials. Alternatively, open the command palette and type Credentials.
- Select New credential.
- Fill out the details for the type of credential (see below) and its parameters.
- Select Save.
Client credentials (OAuth)
Client credentials perform an OAuth client_credentials call to your chosen Identity URL and pre-populates a Authorization: Bearer ... header containing the returned access token.
The resolved OAuth credentials are cached within the Atomic platform for 45 seconds after initially being retrieved. This is to avoid overloading the OAuth endpoint with requests. Any token expiration settings should be longer than 45 seconds.
Any query parameters included in your Identity URL are merged with the OAuth parameters, allowing you to include any extra parameters required by your identity provider.
The OAuth client credentials flow supports the following request schemes:
POST with body parameters
OAuth parameters are URL encoded with a content type of application/x-www-form-urlencoded and sent in the request body to your Identity URL as a POST request.
curl --location --request POST https://login.microsoftonline.com/common/oauth2/v2.0/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_secret=MY_CLIENT-SECRET' \
--data-urlencode 'client_id=MY_CLIENT_ID' \
--data-urlencode 'scope=MY_SCOPE'
POST with query parameters
OAuth parameters are sent as query parameters to your Identity URL as a POST request with no request body. This method is used by certain implementations of the OAuth client credential flow, such as Zoho CRM.
curl --request POST 'http://my.auth.com/oauth2/v2.0/token?grant_type=client_credentials&client_secret=MY_CLIENT-SECRET&client_id=MY_CLIENT_ID&scope=MY_SCOPE'
GET with URL query parameters
OAuth parameters are sent as query parameters to your Identity URL as a GET request.
curl --request GET 'http://my.auth.com/oauth2/v2.0/token?grant_type=client_credentials&client_secret=MY_CLIENT-SECRET&client_id=MY_CLIENT_ID&scope=MY_SCOPE'
AWS Signed Request
Authenticate a request with AWS IAM allowing Atomic to interact with AWS services. We recommend creating a bot user in AWS with IAM policy access granted with least-privileged access for use with this credential type.
See the AWS documentation for information on signed requests in AWS.
- Access key ID: the ID of the access key associated with the AWS IAM user.
- Secret access key: the secret access key associated with the AWS IAM user.
- Sign query: optionally sign the request query instead of adding an Authorization header.
- Session token: optionally provide the session token to use IAM STS temporary credentials.
- Service: the AWS service which you are interacting with, this is added to the signed credentials header exactly as it is entered.
- i.e.
AWS4-HMAC-SHA256 Credential=ACCESS_KEY_ID/20241022/us-east-1/**THE_SERVICE**/aws4_request...
- i.e.
- Region: the AWS region which you are interacting with, this is added to the signed credentials header exactly as it is entered.
- i.e.
AWS4-HMAC-SHA256 Credential=ACCESS_KEY_ID/20241022/**THE_REGION**/THE_SERVICE/aws4_request...
- i.e.
Basic auth
Adds "Authorization: Basic ..." header containing the provided credentials, base64 encoded.
This option is less secure as it allows the username and password in your request to be decoded. Consider using the alternative options where possible.
Key-pair (beta)
Adds "Authorization: Bearer ..." header containing the produced JWT.
Produces a JWT based on a public and private key. The private key is entered into Atomic and the public key is used in another system to verify the produced JWT.
The resolved JWT is cached in the Atomic system for 90% of the expiry period of the produced JWT. A new token is then created when this cache expires, the next time this credential is used.
Custom headers
Applies the configured headers to requests where this credential is used. This is useful for systems that use a static API key that you don't want to manually add to the headers of each Action Flow or webhook where requests are made to that system.
Google service account (beta)
Adds "Authorization: Bearer ..." header containing the produced JWT.
Allows authentication with Google APIs via a service account. Follow Google's documentation to create a service account. You will first need to create a service account in Google Cloud and then download the credentials JSON file to get the relevant inputs for this credential type.
The resolved JWT is cached in the Atomic system for 5 minutes. A new token is then created when this cache expires, the next time this credential is used.
AWS
AWS S3 integrations are a premium feature. Please contact us to have this feature enabled in your organization.
The AWS tab in the Configuration area of the Workbench is where you will configure the Atomic side of our integration plugin with AWS S3.
Learn about how Atomic and AWS connect, including how to configure the integration in the following articles:
Salesforce
Salesforce integrations are a premium feature. Please contact us to have this feature enabled in your organization.
The Salesforce tab in the Configuration area of the Workbench is where you will configure the Atomic side of our integration plugin with Salesforce Marketing Cloud.
Learn about how Atomic and Salesforce connect, including how to configure the integration in the following articles:
- Atomic.io + Salesforce Marketing Cloud Integration Overview
- Salesforce Marketing Cloud Journey Builder Action Flow triggers
- Syncing Atomic.io data back to Salesforce Marketing Cloud
Marketo
Marketo integrations are a premium feature. Please contact us to have this feature enabled in your organization.
The Marketo tab in the Configuration area of the Workbench is where you will configure the Atomic side of our Self Service Flow Step integration with Marketo.
Learn about how Atomic and Marketo connect, including how to configure the integration in the following articles: