What are the differences between OAuth1 and OAuth2?
How to select the authentication methods in HTTP Request activity?
OAuth1 : Every request needs to be signed. Very few modern APIs use it today.
OAuth2 : much simpler and almost every modern API (Google, Microsoft, Salesforce etc.) uses it. You just get an access token and send it in your request.
Authentication Method : Authentication usually depends on your API
Username & Password : choose Basic Auth
API Key : choose None and add the API key in Headers
OAuth 1.0 : choose OAuth1
OAuth2 : choose OAuth2 and fill in Client ID, Secret, Token URL, etc.
Hope it helps
Hello @Navya_Thomas,
OAuth1
- Uses cryptographic signatures for every request
- Requires:
- consumer key
- consumer secret
- access token
- token secret
- More secure but complex to implement
- Mostly used in legacy APIs (like older Twitter APIs)
- Debugging is harder due to signature generation
OAuth2
- Uses access tokens (Bearer tokens) instead of signatures
- Much simpler and widely used today
- Supports different flows:
- Authorization Code
- Client Credentials
- Works well with APIs, mobile apps, microservices
Simple way to remember:
- OAuth1 = signature-based (complex)
- OAuth2 = token-based (simple, modern)
Thanks,
Karthik
Here is very good explanation in details:
https://medium.com/identity-beyond-borders/oauth-1-0-vs-oauth-2-0-e36f8924a835
In classic HTTP Request activity, you click on Config button and then you get configuration wizard where you get to choose the Authentication type
In Modern HTTP Request, you have to choose Authentication - Bearer Token
It’s better to start using modern activity.