Skip to main content

Integrations

Credentials

Credentials allow you to securely save and reuse any credentials or tokens used to authenticate outgoing webhooks or Send Request steps within your Action Flows.

Adding credentials

  1. Go to: Configuration > Integrations > Credentials. Alternatively, open the command palette and type Credentials.
  2. Select New credential.
  3. Fill out the details for the type of credential (see below) and its parameters.
  4. Select Save.

Client credentials (OAuth)

Client credentials perform an OAuth client_credentials call to your chosen Identity URL and pre-populates a Authorization: Bearer ... header containing the returned access token.

caching

The resolved OAuth credentials are cached within the Atomic platform for 45 seconds after initially being retrieved. This is to avoid overloading the OAuth endpoint with requests. Any token expiration settings should be longer than 45 seconds.

Any query parameters included in your Identity URL are merged with the OAuth parameters, allowing you to include any extra parameters required by your identity provider.

The OAuth client credentials flow supports the following request schemes:

POST with body parameters

OAuth parameters are URL encoded with a content type of application/x-www-form-urlencoded and sent in the request body to your Identity URL as a POST request.

curl --location --request POST https://login.microsoftonline.com/common/oauth2/v2.0/token \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_secret=MY_CLIENT-SECRET' \
    --data-urlencode 'client_id=MY_CLIENT_ID' \
    --data-urlencode 'scope=MY_SCOPE'

POST with query parameters

OAuth parameters are sent as query parameters to your Identity URL as a POST request with no request body. This method is used by certain implementations of the OAuth client credential flow, such as Zoho CRM.

curl --request POST 'http://my.auth.com/oauth2/v2.0/token?grant_type=client_credentials&client_secret=MY_CLIENT-SECRET&client_id=MY_CLIENT_ID&scope=MY_SCOPE'

GET with URL query parameters

OAuth parameters are sent as query parameters to your Identity URL as a GET request.

curl --request GET 'http://my.auth.com/oauth2/v2.0/token?grant_type=client_credentials&client_secret=MY_CLIENT-SECRET&client_id=MY_CLIENT_ID&scope=MY_SCOPE'

AWS Signed Request

Authenticate a request with AWS IAM allowing Atomic to interact with AWS services. We recommend creating a bot user in AWS with IAM policy access granted with least-privileged access for use with this credential type.

See the AWS documentation for information on signed requests in AWS.

  • Access key ID: the ID of the access key associated with the AWS IAM user.
  • Secret access key: the secret access key associated with the AWS IAM user.
  • Sign query: optionally sign the request query instead of adding an Authorization header.
  • Session token: optionally provide the session token to use IAM STS temporary credentials.
  • Service: the AWS service which you are interacting with, this is added to the signed credentials header exactly as it is entered.
    • i.e. AWS4-HMAC-SHA256 Credential=ACCESS_KEY_ID/20241022/us-east-1/**THE_SERVICE**/aws4_request...
  • Region: the AWS region which you are interacting with, this is added to the signed credentials header exactly as it is entered.
    • i.e. AWS4-HMAC-SHA256 Credential=ACCESS_KEY_ID/20241022/**THE_REGION**/THE_SERVICE/aws4_request...

Basic auth

Adds "Authorization: Basic ..." header containing the provided credentials, base64 encoded.

security

This option is less secure as it allows the username and password in your request to be decoded. Consider using the alternative options where possible.

Key-pair (beta)

Adds "Authorization: Bearer ..." header containing the produced JWT.

Produces a JWT based on a public and private key. The private key is entered into Atomic and the public key is used in another system to verify the produced JWT.

caching

The resolved JWT is cached in the Atomic system for 90% of the expiry period of the produced JWT. A new token is then created when this cache expires, the next time this credential is used.

Custom headers

Applies the configured headers to requests where this credential is used. This is useful for systems that use a static API key that you don't want to manually add to the headers of each Action Flow or webhook where requests are made to that system.

Google service account (beta)

Adds "Authorization: Bearer ..." header containing the produced JWT.

Allows authentication with Google APIs via a service account. Follow Google's documentation to create a service account. You will first need to create a service account in Google Cloud and then download the credentials JSON file to get the relevant inputs for this credential type.

caching

The resolved JWT is cached in the Atomic system for 5 minutes. A new token is then created when this cache expires, the next time this credential is used.

AWS

Premium feature

The features that connect to S3 are premium features.

Contact us to enable these features for your organization if they is not already active.

S3 analytics buckets

See the integration guide for more information.

S3 Action Flows buckets

See the guide for more information.

Salesforce

Premium feature

Integration with Salesforce is a premium feature.

Contact us to enable this feature for your Org if it is not already active.

Configure integrations with Salesforce Marketing Cloud here.

Marketo

Premium feature

Integration with Marketo is a premium feature.

Contact us to enable this feature for your Org if it is not already active.

Configure integrations with Marketo here.

Last updated on