Authentication
Set up the different ways Middle users can authenticate an app
Middle can handle a variety of authentication schemes. On the Auth Configs page, you will set up the authentication inputs for an app. There are three types of authentication forms: custom fields, OAuth 2 - Auth Code Flow, and OAuth 2 - Password Grant flow. From the Auth Configs page, you can control whether or not the configuration you are on is active. An app can have multiple auth configurations.

Custom fields

The custom fields authentication form is for non-OAuth authentications where you will set up the field inputs and their field names, as they appear in the system you are integrating with. Data provided in these fields are then referencable via app script when Middle performs syncs and actions. There are several types of inputs you can set up: text areas, one-line inputs, protected one-line inputs (good for sensitive information), and boolean switches. Custom fields are useful for when an API only requires a key or pre-determined token, for direct database connections, and most other types of configurations.

OAuth flows

For OAuth flows, you will first need to set up a form in which Middle users will enter supplementary information for the authentication, such as the business ID, location IDs they are authenticating for, or the site name they will connect with. Within all forms, you can create a number of input types: text areas, one-line inputs, protected one-line inputs, and boolean switches. The field name should match the syntax of the system you will be connecting with.
OAuth flows will need to use your OAuth app, a partner's app, or a customers app registered with the web application being integrated with to facilitate authentication
Setting up an input for what business IDs Middle should connect with

Auth code flow steps

With an auth code flow, the Middle user will be taken from Middle to the site they are authenticating with and then redirected back to Middle once they've completed the authorization. When setting up an auth code flow, you will need to write a script to grab the proper URL to take the Middle user to. This is where you would also request which API scopes (ability to access certain data points) are needed for the integration. The next step is to write a script that exchanges a retrieved auth code for an access token. Middle will invoke this script after a user comes back to Middle after visiting the authorization URL. All scripts are written in Middle in Python.
An account-facing auth code flow authentication page

Password grant flow

Unlike an auth code flow, with a password grant flow, the Middle user will enter their credentials in Middle, instead of logging in and authorizing them on another site. After the Middle user enters supplementary information, you will want to provide a second form in which they will enter information such as their login credentials or an API key and secret. This form can be whatever you need it to be. Once you have the proper credentials for authentication, similar to auth code flows, you will need to write a script to exchange these for an access token.
For any field that contains sensitive information, like an API key or password, you should use a protected one-line input. Otherwise, this input could be exposed to anyone who gains access to your Middle account.
An app key form field with a protect one-line input
Copy link
Outline
Custom fields
OAuth flows
Auth code flow steps
Password grant flow