Adding authorization to an API is a critical step to ensure that only authorized users or applications can access and interact with the API. Authorization mechanisms help protect sensitive data and maintain the security and integrity of your services.
Types of Authorization
The Functions feature supports the following authorization mechanism:
Authorization Type
Description
NONE
Indicates that no authentication is required to access the API. The API is publicly accessible without any authentication credentials.
LiveVox
Appears if the value in the Base URL field containslivevox. Automatically relays the Platform Session to each web service request.
BASIC
A simple method where you must add the username and password as part of the request header. These credentials are often encoded in base64 format, but this method is considered relatively less secure, especially when used over unencrypted HTTP.
BEARER
Bearer Token Authentication is a method where you include a token (usually a long, randomly generated string) in the request header. This token is obtained from the API provider and is used to authenticate the client system (requesting System). Bearer tokens are commonly used in Open Authorization (OAuth) 2.0 authentication to secure API access.
OAUTH
Primarily used for authorization. It allows a user (resource owner) to grant a third-party application (client) limited access to their resources without sharing their credentials.
OAUTH2
Widely used for enabling secure access to web APIs, including those offered by major service providers, such as Google, Facebook, and Microsoft. It is also used in Single Sign-On (SSO) scenarios.
