Most APIs require some form of authentication in order to insure that the user has authorized the party making API requests on their behalf to do so. Typically, an API will validate that some sort of secret (such as an access token or API key) is present in a request before processing it.

Every Rollout Connector specifies how users can authorize Rollout to make requests on their behalf. For Connectors that you build yourself, you will need to tell Rollout how to request credentials from the user in the connector's auth.ts file. When a user configures an Automation using your Connector, they will be prompted to either select an existing account that has already been authenticated or to enter credentials for a new account. The credentials collected are then passed to your Connector's Trigger and Action functions as a parameter.

Auth Types Supported#

The Rollout framework supports several methods for auth:

  • None: If you don't wish to provide auth on a per-user basis (e.g. if you store a secret as an environment variable and use it in every request made to Rollout), you can leave out the auth.ts file entirely and instead set auth to false when you call the defineApp function in the index.ts file of your connector.
  • JWT Authentication: If you are building a Connector to your own App, this is likely the best option from a user experience perspective. Rather than explicitly prompting the user to provide an API Key or to go through an OAuth flow, a user's credentials are passed to Rollout in the authData claim of the Rollout JWT. See the defineJWTAuth functionfor details on implementing this auth type. See this page for details on generating a Rollout JWT.
  • API Token Authentication: In this option, you specify a set of fields that Rollout components will prompt users to input when configuring a trigger or action from your connector. In the most basic form, this might be collecting a single value like an API Key. See the defineApiTokenAuth function for details on implementing this auth type.
  • OAuth (both 1.0 and 2.0): With this authentication option, users will see an OAuth pop-up window when adding an account associated with the Connector's App. You will define the logic for each step of the OAuth flow in the connector's auth.ts. See the defineOauth1 function and defineOauth2function for details on implementing these auth types.

Avoiding the OAuth Pop-up for Your Own App#

If you're building a connector to your own app, it is best to avoid bringing up an OAuth pop-up window, as the user is already logged in. If you're able to modify your API endpoints, consider adding an additional alternative means of auth such as:

  1. Storing a secret in your Rollout Project Environment that proves a request is being made by Rollout. You can then include this secret in each request made from your connector.
  2. Generating an internal "API key" for each of your Consumers and using the JWT Authentication method to provide this value to Rollout.