We have a API authentication type which we cannot implement via the API Gateway

Stuart Eddy · 2025-03-12T10:37:34+00:00

There was an error rendering this rich post.

We have a supplier who uses the following authentication method, within the REST(JSON) framework:

1.) A Login function which requires a username and password.
2.) This then returns a bearer token which lasts an hour.
3.) The system also provided a refresh token which is active for 24hr and can be used to provide a new bearer token.

We are on a multi-tenant environment.

Can any suggest any way this can be achieved, we have already thought of using an external web service (Using OAuth 2.0) , which will operate as a bridge between M3 and our supplier.

Find more posts tagged with

Accepted answers

All comments

Brandon Watson

Is the login function an API endpoint or is it a web based login? If so, you should be able to use Basic Auth Type for your target endpoint security. If it is web based, you are going to have to work on adding an Authorization for the site in which you can authorize that size from a web page.

Stuart Eddy

Thank you for responding

The login is an API call, but we need to be able to deal with the resulting token when processing the next call, while basic is to send the user name and password for each connection.

Brandon Watson

The basic authentication should take care of that. The target endpoint security gets the token and passes to each call automatically, for most api sites anyway. It would be worth a try to add the basic auth endpoint and test.