Skip to main content

Authorization

Follow this guide to create a new OpenAir credential that will allow Nexla to authenticate to and exchange data with your OpenAir account.
openair_api_auth.png

OpenAir

Prerequisites

Before creating an OpenAir credential, you need to identify your OpenAir account base URL and obtain your OAuth2 Client ID and Client Secret from your OpenAir account. OpenAir uses OAuth2 3-legged authentication, which allows Nexla to access your OpenAir account on your behalf.

To prepare for OAuth2 authentication, ensure you have the following:

  1. OpenAir Account Base URL: You need to know your OpenAir account base URL, which is typically in the format https://<company-id>.app.openair.com where <company-id> is your company's unique identifier. You can find this in your OpenAir web application URL.

  2. OAuth2 Client Application: You must have an OAuth2 client application registered in your OpenAir account. If you don't have one, you'll need to create it in your OpenAir account settings.

  3. Client ID and Client Secret: You need to obtain the Client ID and Client Secret from your OAuth2 client application settings in your OpenAir account.

  4. Account Access: You must have administrative access or appropriate permissions to register OAuth2 applications and authorize access to your OpenAir account.

  5. OAuth Authorization: During the credential creation process, you will be redirected to OpenAir's authorization page to grant Nexla permission to access your OpenAir account. You will need to sign in with your OpenAir account and approve the authorization request.

The OAuth2 flow uses your OAuth2 client application to authenticate with OpenAir. When you authorize Nexla, you grant permission for Nexla to access your OpenAir account data based on the requested scopes (e.g., rest for REST API access). The authorization includes access to read and manage data in your OpenAir account. For detailed information about OAuth2 authentication, available scopes, and API access, refer to the OpenAir REST API Guide.

Create an OpenAir Credential

  • To create a new OpenAir credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – OpenAir

OpenAirCred.png

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OpenAir Account Base URL

Enter your OpenAir account base URL in the Account Base URL field. This should be the base domain URL for your OpenAir account, typically in the format https://<company-id>.app.openair.com where <company-id> is your company's unique identifier. For example, if your company ID is "contoso", your URL would be https://contoso.app.openair.com. Ensure the URL includes the protocol (https://) and does not include a trailing slash.

You can find your OpenAir account base URL in your OpenAir web application by checking the URL in your browser's address bar. The account base URL is used to construct API endpoint URLs and OAuth2 authorization/token URLs for all OpenAir API requests.

OAuth2 Client Configuration

OpenAir uses OAuth2 3-legged authentication to securely access your OpenAir account. You need to configure your OAuth2 client application credentials.

  1. Enter your OAuth2 Client ID in the Client ID for Authorization field. This is the Client ID you obtained from your OpenAir OAuth2 client application settings. The Client ID is used in the OAuth2 authorization flow to identify your application.

  2. Enter your OAuth2 Client Secret in the Client Secret field. This is the Client Secret you obtained from your OpenAir OAuth2 client application settings. The Client Secret is used in the OAuth2 token exchange and is sensitive information that must be kept confidential.

  3. Select the OAuth2 scope in the Scope field. Available options include Rest API(scope: rest) for REST API access, XML API(scope: xml) for XML API access, and SOAP API(scope: soap) for SOAP API access. Select the scope that matches the type of API access you need. The scope determines which OpenAir API capabilities Nexla will have access to.

OAuth2 Authorization URLs

  1. Enter your OAuth2 Authorization URL in the OAuth Authorization URL field. This should be the authorization URL for your OpenAir account, typically in the format https://<company-id>.app.openair.com/login/oauth2/v1/authorize where <company-id> is your company's unique identifier. This URL is used to redirect users to OpenAir's authorization page.

  2. Enter your OAuth2 Token URL in the Token URL field. This should be the token URL for your OpenAir account, typically in the format https://<company-id>.app.openair.com/login/oauth2/v1/token where <company-id> is your company's unique identifier. This URL is used to exchange authorization codes for access tokens.

OAuth2 Authentication

  1. Click the Authorize button to begin the OAuth2 authorization process. You will be redirected to OpenAir's authorization page.

  2. Sign in to your OpenAir account using your OpenAir account credentials.

  3. Review the permissions that Nexla is requesting. These permissions allow Nexla to access your OpenAir account data based on the selected scope.

  4. Click Accept or Authorize to grant Nexla permission to access your OpenAir account.

  5. After authorization, you will be redirected back to Nexla, and the credential will be automatically configured with the OAuth2 tokens.

    OAuth2 authentication uses your OAuth2 client application to securely access your OpenAir account. When you authorize Nexla, you grant permission for Nexla to access your OpenAir account data based on the requested scope (e.g., rest for REST API access). The authorization includes access to read and manage data in your OpenAir account.

    The OAuth2 tokens (access token and refresh token) are automatically managed by Nexla. The access token is used to authenticate API requests, and the refresh token is used to obtain new access tokens when they expire. Tokens are automatically refreshed as needed to maintain access to your OpenAir account.

    If you need to revoke access, you can do so in your OpenAir account settings under OAuth2 applications or Connected apps. For detailed information about OAuth2 authentication, available scopes, and API access, see the OpenAir REST API Guide.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.