Customer authentication configuration

Experience Platform provides great flexibility in the authentication protocols available to partners and customers. You can configure your destination to support any of the industry-standard authentication methods like OAuth2, bearer token authentication, password authentication, and many more.

This page explains how to set up your destination using your preferred authentication method. Based on the authentication configuration that you use when you create your destination, customers will see different types of authentication pages when connecting to the destination in the Experience Platform UI.

To understand where this component fits into an integration created with Destination SDK, see the diagram in the configuration options documentation or see the following destination configuration overview pages:

Before customers can export data from Platform to your destination, they must create a new connection between Experience Platform and your destination by following the steps described in the destination connection tutorial.

When creating a destination through Destination SDK, the customerAuthenticationConfigurations section defines what customers see in the authentication screen. Depending on the destination authentication type, customers must provide various authentication details, such as:

  • For destinations using basic authentication, users must provide a username and password directly in the Experience Platform UI authentication page.
  • For destinations using bearer authentication, users must provide a bearer token.
  • For destinations using OAuth2 authorization, users are redirected to your destination’s login page where they can log in with their credentials.
  • For Amazon S3 destinations, users must provide their Amazon S3 access key and secret key.
  • For Azure Blob destinations, users must provide their Azure Blob connection string.

You can configure customer authentication details via the /authoring/destinations endpoint. See the following API reference pages for detailed API call examples where you can configure the components shown in this page.

This article describes all the supported customer authentication configurations that you can use for your destination, and shows what customers will see in the Experience Platform UI based on the authentication method that you set up for your destination.

IMPORTANT
The customer authentication configuration does not require you to configure any parameters. You can copy and paste the snippets shown on this page into your API calls when creating or updating a destination configuration, and your users will see the corresponding authentication screen in the Platform UI.

IMPORTANT
All parameter names and values supported by Destination SDK are case sensitive. To avoid case sensitivity errors, use the parameter names and values exactly as shown in the documentation.

Supported integration types

Refer to the table below for details on which types of integrations support the functionality described on this page.

| Integration type                   | Supports functionality |
|------------------------------------|------------------------|
| Real-time (streaming) integrations | Yes                    |
| File-based (batch) integrations    | Yes                    |

Authentication rule configuration

When using any of the customer authentication configurations described in this page, always set the authenticationRule parameter in destination delivery to "CUSTOMER_AUTHENTICATION", as shown below.

{
   "destinationDelivery":[
      {
         "authenticationRule":"CUSTOMER_AUTHENTICATION",
         "destinationServerId":"{{destinationServerId}}"
      }
   ]
}

Basic authentication

Basic authentication is supported for real-time (streaming) integrations in Experience Platform.

When you configure the basic authentication type, users are required to input a username and password to connect to your destination.

UI render with basic authentication

To set up basic authentication for your destination, configure the customerAuthenticationConfigurations section via the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"BASIC"
   }
]

Bearer authentication

When you configure the bearer authentication type, users are required to input the bearer token that they obtain from your destination.

UI render with bearer authentication

To set up bearer type authentication for your destination, configure the customerAuthenticationConfigurations section via the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"BEARER"
   }
]

OAuth 2 authentication

Users select Connect to destination to trigger the OAuth 2 authentication flow to your destination, as shown in the example below for the Twitter Custom Audiences destination. For detailed information on configuring OAuth 2 authentication to your destination endpoint, read the dedicated Destination SDK OAuth 2 authentication page.

UI render with OAuth 2 authentication

To set up OAuth2 authentication for your destination, configure the customerAuthenticationConfigurations section via the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"OAUTH2"
   }
]

Amazon S3 authentication

Amazon S3 authentication is supported for file-based destinations in Experience Platform.

When you configure the Amazon S3 authentication type, users are required to input their S3 credentials.

UI render with S3 authentication

To set up Amazon S3 authentication for your destination, configure the customerAuthenticationConfigurations section via the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"S3"
   }
]

Azure Blob authentication

Azure Blob Storage authentication is supported for file-based destinations in Experience Platform.

When you configure the Azure Blob authentication type, users are required to input the connection string.

UI render with Blob authentication

To set up Azure Blob authentication for your destination, configure the customerAuthenticationConfigurations parameter in the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"AZURE_CONNECTION_STRING"
   }
]

Azure Data Lake Storage authentication

Azure Data Lake Storage authentication is supported for file-based destinations in Experience Platform.

When you configure the Azure Data Lake Storage authentication type, users are required to input the Azure Service Principal credentials and their tenant information.

UI render with Azure Data Lake Storage authentication

To set up Azure Data Lake Storage (ADLS) authentication for your destination, configure the customerAuthenticationConfigurations parameter in the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"AZURE_SERVICE_PRINCIPAL"
   }
]

SFTP with password authentication

SFTP authentication with password is supported for file-based destinations in Experience Platform.

When you configure the SFTP with password authentication type, users are required to input the SFTP username and password, as well as the SFTP domain and port (default port is 22).

UI render with SFTP with password authentication

To set up SFTP authentication with password for your destination, configure the customerAuthenticationConfigurations parameter in the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"SFTP_WITH_PASSWORD"
   }
]

SFTP with SSH key authentication

SFTP authentication with SSH key is supported for file-based destinations in Experience Platform.

When you configure the SFTP with SSH key authentication type, users are required to input the SFTP username and SSH key, as well as the SFTP domain and port (default port is 22).

UI render with SFTP with SSH key authentication

To set up SFTP authentication with SSH key for your destination, configure the customerAuthenticationConfigurations parameter in the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"SFTP_WITH_SSH_KEY"
   }
]

Google Cloud Storage authentication

Google Cloud Storage authentication is supported for file-based destinations in Experience Platform.

When you configure the Google Cloud Storage authentication type, users are required to input their Google Cloud Storage access key ID and secret access key.

UI render with Google Cloud Storage authentication

To set up Google Cloud Storage authentication for your destination, configure the customerAuthenticationConfigurations parameter in the /destinations endpoint as shown below:

"customerAuthenticationConfigurations":[
   {
      "authType":"GOOGLE_CLOUD_STORAGE"
   }
]
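
As an added example (not part of Adobe's documentation or of Destination SDK), the following Python pre-flight check lints a destination configuration payload before it is sent to the API: it compares each authType against the values listed on this page with an exact, case-sensitive match, and confirms that every destinationDelivery entry sets authenticationRule to "CUSTOMER_AUTHENTICATION". The function name lint_destination_config and the sample payload are assumptions made for illustration.

```python
# authType values exactly as listed on this page (case sensitive).
AUTH_TYPES = {
    "BASIC", "BEARER", "OAUTH2", "S3", "AZURE_CONNECTION_STRING",
    "AZURE_SERVICE_PRINCIPAL", "SFTP_WITH_PASSWORD", "SFTP_WITH_SSH_KEY",
    "GOOGLE_CLOUD_STORAGE",
}
REQUIRED_RULE = "CUSTOMER_AUTHENTICATION"


def lint_destination_config(config):
    """Return a list of problems found in a destination configuration dict."""
    problems = []
    auth_configs = config.get("customerAuthenticationConfigurations")
    if not isinstance(auth_configs, list) or not auth_configs:
        problems.append("customerAuthenticationConfigurations: missing or empty")
        auth_configs = []
    for i, entry in enumerate(auth_configs):
        where = f"customerAuthenticationConfigurations[{i}]"
        if not isinstance(entry, dict) or "authType" not in entry:
            # Key names are case sensitive too: "authtype" is not "authType".
            near = [k for k in entry if k.lower() == "authtype"] if isinstance(entry, dict) else []
            hint = f" (found {near[0]!r}, wrong case)" if near else ""
            problems.append(f"{where}: no authType key{hint}")
            continue
        value = entry["authType"]
        if isinstance(value, str) and value in AUTH_TYPES:
            continue
        # Suggest the documented spelling when only case or whitespace differs.
        fixed = value.strip().upper() if isinstance(value, str) else None
        hint = f", did you mean {fixed!r}?" if fixed in AUTH_TYPES else ""
        problems.append(f"{where}.authType: {value!r} is not a listed value{hint}")
    # A payload without destinationDelivery (a partial snippet) is not flagged.
    for i, delivery in enumerate(config.get("destinationDelivery") or []):
        rule = delivery.get("authenticationRule") if isinstance(delivery, dict) else None
        if rule != REQUIRED_RULE:
            problems.append(f"destinationDelivery[{i}].authenticationRule: "
                            f"expected {REQUIRED_RULE!r}, got {rule!r}")
    return problems


# Constructed sample payload with two deliberate case mistakes.
SAMPLE = {
    "customerAuthenticationConfigurations": [{"authType": "Bearer"}],
    "destinationDelivery": [{"authenticationRule": "customer_authentication",
                             "destinationServerId": "{{destinationServerId}}"}],
}

if __name__ == "__main__":
    for problem in lint_destination_config(SAMPLE):
        print(problem)
```

Running the check on the payload in CI, before the call to the /destinations endpoint, surfaces case mistakes without a round trip to the API.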

Next steps

After reading this article, you should have a better understanding of how you can configure user authentication to your destination platform.

To learn more about the other destination components, see the following articles:
