Authorization
Cube Software API
Prerequisites
To connect Nexla to the Cube Software API, you need an active Cube Software account and an OAuth 2.0 application registered within your Cube organization. Cube uses a three-legged OAuth 2.0 Authorization Code flow with PKCE (Proof Key for Code Exchange) for delegated user access.
Obtain Your OAuth 2.0 Client Credentials
Cube Software creates an OAuth Application and provides the Client ID and Client Secret used to authenticate your integration with the API. To obtain these credentials, contact your Cube Software account team or administrator, who can provision an OAuth application for your organization.
Once the OAuth application is created, you will receive:
-
Client ID — A unique public identifier assigned to your registered application.
-
Client Secret — A private key used to authenticate your application when requesting tokens. This value should be kept secure and never shared publicly.
The authorization endpoint for Cube Software OAuth is https://portal.cubesoftware.com/o/authorize/ and token exchange is handled at your Cube instance's base URL, typically https://api.cubesoftware.com/o/token/.
For additional information about Cube Software's authentication flows, refer to the Cube API Authentication Flows article in the Cube Help Center.
Identify Your Cube Base URL
The Cube Software API base URL is the root URL for all API calls made by Nexla. For most organizations, this is https://api.cubesoftware.com. Confirm the correct base URL with your Cube Software administrator if your organization uses a custom deployment.
Create a Cube Software API Credential
- To create a new Cube Software API credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
Credential Name & Description
-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
OAuth 2.0 Authentication (3-Legged with PKCE)
Cube Software API credentials use a three-legged OAuth 2.0 Authorization Code flow with PKCE. This flow requires user login via Cube's Portal to authorize access, after which Nexla exchanges the authorization code for an access token. OAuth tokens issued by Cube Software expire after 10 hours (36,000 seconds) and are automatically refreshed by Nexla using the refresh token.
-
Enter your OAuth 2.0 Client ID in the Client ID field. This is the unique public identifier provided when your OAuth application was registered in Cube Software.
-
Enter your Client Secret in the Client Secret field. This private key authenticates your application during the token exchange process.
ImportantThe Client Secret grants access to your Cube Software data. Store it securely and do not share it with unauthorized users. If the secret is compromised, contact your Cube Software administrator to rotate it immediately.
-
When prompted, complete the OAuth authorization flow by logging in to your Cube Software Portal account (
https://portal.cubesoftware.com). Nexla will redirect you through the authorization page where you can review the requested permissions and grant access. The authorization request will includeread writescopes by default, allowing Nexla to both read data from and write data to your Cube Software account.
Save the Credential
-
Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
-
The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.