Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar
SOLVED

Authentication method

Go to solution
Aslihan_Ayan_Ha
Level 7
Level 7
‎03-27-2020 10:16 AM
‎03-27-2020 10:16 AM

Authentication method

Does Marketo provide any advance authentication methods  beyond basic?  I was not able to find any reference to any advance methods and want to make sure I am not missing anything. Thank you.

Labels:
0 Likes
3,871
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion Level 10 - Community Advisor + Adobe Champion
Level 10 - Community Advisor + Adobe Champion
‎03-27-2020 10:59 AM
‎03-27-2020 10:59 AM

Re: Authentication method

With the authentication do you mean REST API authentication? Is so then Marketo’s REST APIs are authenticated with 2-legged OAuth 2.0. Client IDs and Client Secrets are provided by custom services that you define. Each custom service is owned by an API-Only user which has a set of roles and permissions which authorize the service to perform specific actions. An access token is associated with a single custom service. Access token expiration is independent of tokens associated with other custom services that may be present in an instance.

Refer here!

 

View solution in original post

3,863
Reply
7 REPLIES 7
Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion Level 10 - Community Advisor + Adobe Champion
Level 10 - Community Advisor + Adobe Champion
‎03-27-2020 10:59 AM
‎03-27-2020 10:59 AM

Re: Authentication method

With the authentication do you mean REST API authentication? Is so then Marketo’s REST APIs are authenticated with 2-legged OAuth 2.0. Client IDs and Client Secrets are provided by custom services that you define. Each custom service is owned by an API-Only user which has a set of roles and permissions which authorize the service to perform specific actions. An access token is associated with a single custom service. Access token expiration is independent of tokens associated with other custom services that may be present in an instance.

Refer here!

 

3,864
Reply
Aslihan_Ayan_Ha
Level 7
Level 7
‎03-27-2020 12:42 PM
‎03-27-2020 12:42 PM

Re: Authentication method

Thanks @Darshil_Shah1 . It is definitely beyond my technical knowledge, but I understand there is a Certificate based Authentication method. I am trying to understand if this has been explored by any community members. 

0 Likes
3,856
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎03-27-2020 12:49 PM
‎03-27-2020 12:49 PM

Re: Authentication method

Client cert auth for the REST API?  Nothing like that is documented, like Darshil says it's OAuth Bearer (which is not Basic).

0 Likes
3,854
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎03-28-2020 11:36 AM
‎03-28-2020 11:36 AM

Re: Authentication method

@Aslihan_Ayan_Ha can you clarify what service you were referring to - the REST API or something else? I'm not aware of any part of Marketo that uses Basic auth, now that I think about it.

0 Likes
3,834
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎03-31-2020 11:25 AM
‎03-31-2020 11:25 AM

Re: Authentication method

@Aslihan_Ayan_Ha do you still have an open question about this? Like Darshil said, the REST API uses Bearer auth (not Basic) so it isn't clear which area you're wondering about? You could mark Darshil's answer as the solution if this is resolved.

0 Likes
3,766
Reply
Aslihan_Ayan_Ha
Level 7
Level 7
‎04-01-2020 05:37 AM
‎04-01-2020 05:37 AM

Re: Authentication method

@SanfordWhiteman , Sorry about the delay. I checked in with my internal team and understand that I was not structuring the question correctly. The specific feature they were  interested in was around Webhooks.  And know they are exploring the options based on:

https://nation.marketo.com/t5/Product-Discussions/Webhook-authentication-best-practices/m-p/111241#M...

https://nation.marketo.com/t5/Product-Discussions/Where-can-we-find-the-API-key-of-Marketo-Webhook/m...

https://nation.marketo.com/t5/Product-Discussions/Risks-associated-to-using-a-webhook-to-send-new-le...

0 Likes
3,757
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎04-01-2020 11:29 AM
‎04-01-2020 11:29 AM

Re: Authentication method

OK.

 

Well, webhooks are stateless. That means a webhook definition needs to have built-in credentials, because it can't, by counterexample, use a separate identity endpoint to get a valid access token or anything like that.

 

Those credentials could be in the Authorization header, or in a custom header like X-Api-Key, or in the URL query string, or in the POST body - and could be stored in a {{my.token}} - but whatever they are, they must be known at the time the webhook is executed.

0 Likes
3,753
Reply
Home