What are authentication requirements?

Specify the type of authentication that you require for Direct connect registration requests and other direct communication with your product or solution.

Acoustic Exchange always includes authentication information for Direct connect endpoint registration requests. If you specify Direct connect registration, you must also specify your preferred authentication method. However, Integration Manager does not provide this option if you specify Instructions only registration.

If you request that Acoustic Exchange notify you when Acoustic Exchange users subscribe to events that you either produce or consume, you have the option to require that Acoustic Exchange include authentication information in the header of the notification. This is optional. You must explicitly request additional authentication for subscription notifications. Additional authentication for subscription notifications is available only if you also specify Direct connect endpoint registration.

You can request that Acoustic Exchange add authentication information for all other direct communications with your product, not limited to endpoint registration requests and subscription notifications. This option is available only if you also specify Direct connect endpoint registration.

Acoustic Exchange supports the following authentication methods:

  • API Key: You specify a key value when you register for subscription notification. When Acoustic Exchange reports a subscription change in an HTTP call, Acoustic Exchange adds the specified key in the HTTP header. For example, Authorization : Bearer <API key>.
  • HTTP Basic: You specify a username and password when you register for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange submits the credentials encoded in the HTTP header in RFC 2617 format. For example, Authorization : Basic <encoded user ID and password>.
  • OAuth: You specify a client ID and client secret when you register for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange includes these values in the OAuth parameters that it adds to the header of the HTTP call.
  • OAuth with a refresh token only: You specify a client ID and client secret during account provisioning, separately from registration for subscription notification. When Acoustic Exchange reports a subscription change, Acoustic Exchange includes a refresh token, but not the client ID or client secret, in the OAuth authorization parameters in the HTTP header.