Customer authentication configuration
- Topics:
- Destinations
CREATED FOR:
- Developer
- User
- Admin
- Leader
Experience Platform provides great flexibility in the authentication protocols available to partners and customers. You can configure your destination to support any of the industry-standard authentication methods like OAuth2, bearer token authentication, password authentication, and many more.
This page explains how to set up your destination using your preferred authentication method. Based on the authentication configuration that you use when you create your destination, customers will see different types of authentication pages when connecting to the destination in the Experience Platform UI.
To understand where this component fits into an integration created with Destination SDK, see the diagram in the configuration options documentation or see the following destination configuration overview pages:
Before customers can export data from Platform to your destination, they must create a new connection between Experience Platform and your destination, by following the steps described in the destination connection tutorial.
When creating a destination through Destination SDK, the customerAuthenticationConfigurations
section defines what customers see in the authentication screen. Depending on the destination authentication type, customers must provide various authentication details, such as:
- For destinations using basic authentication, users must provide a username and password directly in the Experience Platform UI authentication page.
- For destinations using bearer authentication, users must provide a bearer token.
- For destinations using OAuth2 authorization, users are redirected to your destination’s login page where they can log in with their credentials.
- For Amazon S3 destinations, users must provide their Amazon S3 access key and secret key.
- For Azure Blob destinations, users must provide their Azure Blob connection string.
You can configure customer authentication details via the /authoring/destinations
endpoint. See the following API reference pages for detailed API call examples where you can configure the components shown in this page.
This article describes all the supported customer authentication configurations that you can use for your destination, and shows what customers will see in the Experience Platform UI based on the authentication method that you set up for your destination.
Supported integration types
Refer to the table below for details on which types of integrations support the functionality described on this page.
Authentication rule configuration
When using any of the customer authentication configurations described in this page, always set the authenticationRule
parameter in destination delivery to "CUSTOMER_AUTHENTICATION"
, as shown below.
{
"destinationDelivery":[
{
"authenticationRule":"CUSTOMER_AUTHENTICATION",
"destinationServerId":"{{destinationServerId}}"
}
]
}
Basic authentication
Basic authentication is supported for real-time (streaming) integrations in Experience Platform.
When you configure the basic authentication type, users are required to input a username and password to connect to your destination.
To set up basic authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"BASIC"
}
]
Bearer authentication
When you configure the bearer authentication type, users are required to input the bearer token that they obtain from your destination.
To set up bearer type authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"BEARER"
}
]
OAuth 2 authentication
Users select Connect to destination to trigger the OAuth 2 authentication flow to your destination, as shown in the example below for the Twitter Custom Audiences destination. For detailed information on configuring OAuth 2 authentication to your destination endpoint, read the dedicated Destination SDK OAuth 2 authentication page.
To set up OAuth2 authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"OAUTH2"
}
]
Amazon S3 authentication
Amazon S3 authentication is supported for file-based destinations in Experience Platform.
When you configure the Amazon S3 authentication type, users are required to input their S3 credentials.
To set up Amazon S3 authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"S3"
}
]
Azure Blob authentication
Azure Blob Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Azure Blob authentication type, users are required to input the connection string.
To set up Azure Blob authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"AZURE_CONNECTION_STRING"
}
]
Azure Data Lake Storage authentication
Azure Data Lake Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Azure Data Lake Storage authentication type, users are required to input the Azure Service Principal credentials and their tenant information.
To set up Azure Data Lake Storage (ADLS) authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"AZURE_SERVICE_PRINCIPAL"
}
]
SFTP with password authentication
SFTP authentication with password is supported for file-based destinations in Experience Platform.
When you configure the SFTP with password authentication type, users are required to input the SFTP username and password, as well as the SFTP domain and port (default port is 22).
To set up SFTP authentication with password for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"SFTP_WITH_PASSWORD"
}
]
SFTP with SSH key authentication
SFTP authentication with SSH key is supported for file-based destinations in Experience Platform.
When you configure the SFTP with SSH key authentication type, users are required to input the SFTP username and SSH key, as well as the SFTP domain and port (default port is 22).
To set up SFTP authentication with SSH key for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"SFTP_WITH_SSH_KEY"
}
]
Google Cloud Storage authentication
Google Cloud Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Google Cloud Storage authentication type, users are required to input their Google Cloud Storage access key ID and secret access key.
To set up Google Cloud Storage authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"GOOGLE_CLOUD_STORAGE"
}
]
Next steps
After reading this article, you should have a better understanding of how you can configure user authentication to your destination platform.
To learn more about the other destination components, see the following articles: