Auth Configs
Set up the different ways Middle users can authenticate an app
Middle can handle a variety of authentication schemes. On the Auth Configs page you will setup the authentication inputs for an app. There are three types of authentication forms: custom fields, OAuth 2 - Auth Code Flow, and OAuth 2 - Password Grant flow. From the Auth Configs page you can control whether or not the configuration you are on is active. An app can have multiple auth configurations.

OAuth Flows

For OAuth flows, you will first need to setup a form in which Middle users will enter supplementary information for the authentication, such as the business ID, location IDs they are authenticating for, or the site name they will connect with. Within all form you can create a number of input types: text areas, one-line inputs, protected one-line inputs, and boolean switches. The field name should match the syntax of the system you will be connecting with.
Setting up an input for what business IDs Middle should connect with

Auth Code Flow Steps

With an auth code flow, the Middle user will be taken from Middle to the site they are authenticating with and then redirected back to Middle once they've complete the authorization. When setting up an auth code flow, you will need to write a script to grab the proper URL to take the Middle user to. This is where you would also request which API scopes (ability to access certain data points) are needed for the integration. The next step is to write a script that exchanges a retrieved auth code for an access token. Middle will invoke this script after a user comes back to Middle after visiting the authorization URL. All scripts are written in Middle in Python.
An account-facing auth code flow authentication page

Password Grant Flow

Unlike an auth code flow, with a password grant flow the Middle user will enter their credentials in Middle, instead of logging in and authorizing on another site. After the Middle user enters supplementary information, you will want to provide a second form in which they will enter information such as their login credentials or an API key and secret. This form can be whatever you need it to be. Once you have the proper credentials for authentication, similar to auth code flows, you will need to write a script to exchange these for an access token.
For any field that contains sensitive information, like an API key or password, you should use a protected one-line input. Otherwise, this input could be exposed to anyone who gains access to your Middle account.
An app key form field with a protect one-line input

Custom Fields

For all integrations that don't use an OAuth flow you will want to setup a custom fields authentication form. Simply, you will setup the field inputs and their field names, as they appear in the system you are integrating with. There are several types of inputs you can setup: text areas, one-line inputs, protected one-line inputs (good for sensitive information), and boolean switches. Data entered in this form can then be referenced whenever Middle makes an API call. Custom fields are useful for when an API only requires a key or pre-determined token, for direct database connections, and most other types of configurations.
Last modified 1mo ago