Connecting to a proprietary or third-party system that requires OAuth2 often involves a two-step process: first, fetching an access token from the authorization server, and then using that token to perform actions against the actual API. This guide walks you through the steps required to establish a connection using a roundtrip method with two API calls.
Prerequisites:
You have the credentials to authorize with your authorization server (client ID and client secret).
Basic knowledge of API calls and OAuth2 authentication.
Familiarity with care flow design in Awell Studio.
Step 1: Fetch an Access Token
To connect to a proprietary system using OAuth2, you need to obtain an access token. This token will be used to authenticate your requests to the actual API or resource server.
Follow these steps to fetch the token:
Identify the Token Endpoint: Contact the system administrator or refer to the system's documentation to find the URL of the token endpoint. This is where you will make your first API call to request the token.
Make a POST Request: Use Awell's generic REST or GraphQL API call action to make a POST request to the token endpoint. You will need to provide your access credentials (client ID and client secret) as part of the request.
Save the Response: If the request is successful, you will receive a response from the server containing the access token. Extract the token from the response body and store it as a data point, as you will need it for subsequent API calls.
Step 2: Use the Access Token
Now that you have obtained the access token, you can use it to perform actions against the external API. Follow these steps:
Identify the API Endpoint: Determine the URL of the API endpoint you want to access. This is where you will make your second API call to perform actions.
Include the Token in the Request Header: When making API requests to the external system, include the access token in the request header. Most commonly, you'll use the "Authorization" header, whose value is the word "Bearer" followed by a space and the token.
Perform API Call Actions: You can now send requests to the API endpoint, and the server will recognize your requests as authenticated and authorized, allowing you to perform the desired actions.
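The two calls described in Step 1 and Step 2, written out as an added Python example (not Awell's own code or configuration) so the headers and body of each request are visible. It assumes the OAuth2 client credentials grant with the client ID and secret sent via HTTP Basic authentication; the hosts, paths, credentials and token below are constructed placeholders, and your authorization server's documentation decides the real values.

```python
import base64
import json
import urllib.parse
import urllib.request

def _require_https(url):
    # Client secrets and tokens must never travel over plain HTTP.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS endpoint: " + url)

def build_token_request(token_url, client_id, client_secret):
    """Call 1: POST to the token endpoint (client credentials grant assumed)."""
    _require_https(token_url)
    # RFC 6749 section 2.3.1: form-encode the ID and secret before Basic encoding.
    pair = "{}:{}".format(urllib.parse.quote(client_id, safe=""),
                          urllib.parse.quote(client_secret, safe=""))
    basic = base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })

def extract_access_token(response_body):
    """Validate the token response; return the value to store as a data point."""
    doc = json.loads(response_body)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")
    return token

def build_api_request(api_url, access_token, payload):
    """Call 2: send the token in the Authorization header, never in the URL."""
    _require_https(api_url)
    return urllib.request.Request(
        api_url, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})

# Constructed sample response; a real one comes back from the token endpoint.
SAMPLE_TOKEN_RESPONSE = (b'{"access_token": "constructed-token-123", '
                         b'"token_type": "Bearer", "expires_in": 3600}')

if __name__ == "__main__":
    call1 = build_token_request("https://auth.example.test/oauth/token", "my-client", "s3cret/+")
    token = extract_access_token(SAMPLE_TOKEN_RESPONSE)
    call2 = build_api_request("https://api.example.test/v1/items", token, {"ping": True})
    print(call1.get_method(), call1.full_url)
    print(call2.get_method(), call2.full_url, "Authorization: Bearer <redacted>")
```

The same method, headers and body map onto the fields of a generic REST API call action; the token is redacted when printed because access tokens should not end up in logs.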