SOLVED

Re: Authentication method

Go to solution
Aslihan_Ayan_Ha
Level 7

Authentication method

Does Marketo provide any advance authentication methods  beyond basic?  I was not able to find any reference to any advance methods and want to make sure I am not missing anything. Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Darshil_Shah1
Level 10 - Community Advisor

Re: Authentication method

With the authentication do you mean REST API authentication? Is so then Marketo’s REST APIs are authenticated with 2-legged OAuth 2.0. Client IDs and Client Secrets are provided by custom services that you define. Each custom service is owned by an API-Only user which has a set of roles and permissions which authorize the service to perform specific actions. An access token is associated with a single custom service. Access token expiration is independent of tokens associated with other custom services that may be present in an instance.

Refer here!

 

View solution in original post

7 REPLIES 7
Darshil_Shah1
Level 10 - Community Advisor

Re: Authentication method

With the authentication do you mean REST API authentication? Is so then Marketo’s REST APIs are authenticated with 2-legged OAuth 2.0. Client IDs and Client Secrets are provided by custom services that you define. Each custom service is owned by an API-Only user which has a set of roles and permissions which authorize the service to perform specific actions. An access token is associated with a single custom service. Access token expiration is independent of tokens associated with other custom services that may be present in an instance.

Refer here!

 

Aslihan_Ayan_Ha
Level 7

Re: Authentication method

Thanks @Darshil_Shah1 . It is definitely beyond my technical knowledge, but I understand there is a Certificate based Authentication method. I am trying to understand if this has been explored by any community members. 

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication method

Client cert auth for the REST API?  Nothing like that is documented, like Darshil says it's OAuth Bearer (which is not Basic).

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication method

@Aslihan_Ayan_Ha can you clarify what service you were referring to - the REST API or something else? I'm not aware of any part of Marketo that uses Basic auth, now that I think about it.

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication method

@Aslihan_Ayan_Ha do you still have an open question about this? Like Darshil said, the REST API uses Bearer auth (not Basic) so it isn't clear which area you're wondering about? You could mark Darshil's answer as the solution if this is resolved.

Aslihan_Ayan_Ha
Level 7

Re: Authentication method

@SanfordWhiteman , Sorry about the delay. I checked in with my internal team and understand that I was not structuring the question correctly. The specific feature they were  interested in was around Webhooks.  And know they are exploring the options based on:

https://nation.marketo.com/t5/Product-Discussions/Webhook-authentication-best-practices/m-p/111241#M...

https://nation.marketo.com/t5/Product-Discussions/Where-can-we-find-the-API-key-of-Marketo-Webhook/m...

https://nation.marketo.com/t5/Product-Discussions/Risks-associated-to-using-a-webhook-to-send-new-le...

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication method

OK.

 

Well, webhooks are stateless. That means a webhook definition needs to have built-in credentials, because it can't, by counterexample, use a separate identity endpoint to get a valid access token or anything like that.

 

Those credentials could be in the Authorization header, or in a custom header like X-Api-Key, or in the URL query string, or in the POST body - and could be stored in a {{my.token}} - but whatever they are, they must be known at the time the webhook is executed.