Skip to main content

Authorization

Follow this guide to create a new Ironclad credential that will allow Nexla to authenticate to and exchange data with your Ironclad account.
ironcladapp_api_auth.png

Ironclad

Prerequisites

The Ironclad connector uses OAuth 2.0 (three-legged authorization code flow) to authenticate. Before creating a credential in Nexla, you must register an OAuth application in your Ironclad instance to obtain a Client ID and Client Secret.

Enable API Access

Ironclad's API is an add-on feature. Before you can register an OAuth application, API access must be enabled for your Ironclad instance.

  • Contact your Ironclad Customer Success Manager to request that API access be enabled for your account. Once enabled, an API tab will appear in your Company Settings.

Register an OAuth Application in Ironclad

Once API access is enabled, follow these steps to create an OAuth application and obtain your credentials:

  1. Sign in to your Ironclad instance (e.g., https://na1.ironcladapp.com).

  2. Click your user profile avatar or name in the top-right corner of the screen, and select Company Settings from the dropdown menu.

  3. In the left sidebar of Company Settings, click the API tab.

  4. Click the Create new app button. A dialog will appear prompting you to enter a name for the OAuth application.

  5. Enter a descriptive name for the application (e.g., "Nexla Integration"), then click Create app.

  6. Ironclad will display your new application's Client ID and Client Secret. Copy and store both values in a secure location immediately—the Client Secret will not be shown again after you leave this page.

The Client Secret is shown only once at creation time. Store it securely (for example, in a password manager) before closing the dialog. If the secret is lost, you must delete the application and create a new one.

Identify Your Ironclad Instance URL

Ironclad hosts customers in regional environments. Determine the correct base URL for your instance:

  • North America: https://na1.ironcladapp.com
  • Europe: https://eu1.ironcladapp.com

Your instance URL is the domain you use to log in to Ironclad. This base URL is required when creating the credential in Nexla.

For additional information on Ironclad's OAuth 2.0 setup, refer to the Ironclad Developer Hub and the OAuth 2.0 Overview in the Ironclad support documentation.

Create an Ironclad Credential

  • To create a new Ironclad credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OAuth 2.0 Configuration

Nexla uses a three-legged OAuth 2.0 authorization code flow to connect to Ironclad on behalf of a specific user. This means a user will be redirected to Ironclad to log in and grant access, after which Nexla receives an access token that it uses for all subsequent API calls.

  1. Enter your Ironclad instance base URL in the Ironclad Instance URL field. Use the regional base URL that matches your account (e.g., https://na1.ironcladapp.com for North America or https://eu1.ironcladapp.com for Europe). This value defaults to https://na1.ironcladapp.com.

  2. Enter the Client ID obtained when registering your OAuth application in the Client ID field. This is the unique public identifier assigned to your Ironclad OAuth application.

  3. Optionally, enter a space-separated list of OAuth scopes your application requests in the Access Scope field. Scopes control which Ironclad resources and actions Nexla is permitted to access on behalf of the authorizing user.

    Consult the Ironclad API documentation for the list of available scopes and guidance on which scopes are required for the operations you intend to perform. If left blank, Ironclad will grant the default set of permissions associated with the authorizing user's account.

  4. Enter the Client Secret obtained when registering your OAuth application in the Client Secret field. This private key authenticates your application when exchanging the authorization code for an access token and must be kept secure.

  5. After entering all credential fields, Nexla will initiate the OAuth authorization flow. You will be redirected to your Ironclad instance to log in and authorize the application's access. After completing authorization, you will be returned to Nexla and the credential will be created with the issued access and refresh tokens.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.