viaSocket Help

Authentication Auth2.0 - Password Credentials



⚙️ Setup Steps

Purpose:
Also known as the Resource Owner Password Credentials (ROPC) flow, this grant type allows exchanging a username and password directly for an access token.
It’s generally deprecated for modern apps because it bypasses the provider’s login UI and puts full responsibility for credential handling on your app.
Recommended only for legacy systems or trusted environments.




Step 1 — Configure Fields (optional)

Add extra fields only if needed.

👉 Example:

  • Environment (sandbox / production)

  • Region

💡 Keep it minimal — users shouldn’t have to fill in unnecessary inputs



Step 2 — Add Token URL

The endpoint where viaSocket sends the user's username and password, together with the Client ID and Client Secret, to obtain an access token.

  • Example: https://service.com/oauth/token

  • 👉 viaSocket sends the username and password
    👉 App returns an access token
    👉 This token is used to access user data

  • Tip: Use HTTPS to ensure credentials are secure in transit.



Step 3 — Add Refresh Token URL

Usually not required because Client Credentials flow can request a new token any time.

  • Used when the access token expires

    👉 Keeps the connection active
    👉 User doesn’t need to log in again



Step 4 — Add Revoke Token URL

Used to disconnect users


👉 Stops further API access

  • Recommended for security if users may disconnect integrations.



Step 5 — Add Test API

Add a test endpoint to verify the connection.

👉 Example: /me or /profile

  • This is used to check if credentials are valid

💡 Choose a simple endpoint that always returns data



Step 6 — Add Connection Name

Define how the connection will appear to users.

👉 Example: John’s Account

👉 Use dynamic values like name or email if available



Step 7 — Add Allowed URLs

Add the API base URLs your integration will use.

  • Only include required domains

  • Avoid unnecessary URLs

✔ Helps keep your connection secure

💡 Prevents unwanted or unsafe calls



Step 8 — Add Unique Identifier

Used to identify each user connection

👉 Example:

  • email

  • account_id

👉 Helps avoid duplicate connections



Step 9 — Set Request Parameters (optional)

Use this to automatically include values in every API request.


What does this do?

It allows you to define default key-value pairs that are added to every request.

You can configure:

  • Headers

  • Query Parameters

  • Body

👉 These values are automatically applied to all requests made through this connection.


Common examples


Header authentication

Authorization: Bearer {{access_token}}

API key

api_key: {{api_key}}

Static parameter

version: v2

When to use this

  • Same headers are required in every request

  • You want to avoid repeating authentication logic

  • Your API needs fixed parameters


When NOT to use this

  • Values change per request

  • Different endpoints need different values

⚠️ Don’t add sensitive data here



Extra Best Practices

  • Avoid in Public Apps: This flow requires full trust between your app and the user.

  • Only for Legacy/Trusted Systems: Use OAuth Authorization Code flow for modern integrations.

  • Credential Storage: Always encrypt stored passwords; never log them.

  • MFA Considerations: If the account uses MFA, this flow may not work unless the provider supports passing OTP or other factors.


  • Register your application with the OAuth 2.0 authorization server to obtain a Client ID and Client Secret.
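
Added example (not viaSocket's code): the token request that the Token URL step describes, built as an RFC 6749 section 4.3.2 password grant, with the HTTPS check from the tip and a redaction helper for the "never log them" practice. The function names and sample values are constructed for illustration, and HTTP Basic client authentication is an assumption about the provider.

```python
import base64
import json
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

SENSITIVE_FIELDS = {"password", "client_secret", "access_token", "refresh_token"}

def build_ropc_request(token_url, client_id, client_secret, username, password):
    """Build the RFC 6749 section 4.3.2 token request as (url, headers, body)."""
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token URL must be HTTPS: the password travels in the body")
    # Assumption: the provider accepts HTTP Basic client authentication.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "password", "username": username, "password": password})
    return token_url, headers, body

def redact_for_log(headers, body):
    """Return a copy of the request that is safe to write to logs."""
    safe_headers = {k: "<redacted>" if k.lower() == "authorization" else v
                    for k, v in headers.items()}
    safe_form = {k: "<redacted>" if k in SENSITIVE_FIELDS else v[0]
                 for k, v in parse_qs(body).items()}
    return {"headers": safe_headers, "form": safe_form}

def parse_token_response(status, raw_json):
    """Return the token fields, or raise with the provider's error code."""
    data = json.loads(raw_json)
    if status != 200 or "access_token" not in data:
        # RFC 6749 section 5.2 error body, e.g. invalid_grant for a bad password
        raise PermissionError(data.get("error", "unknown_error"))
    return {k: data.get(k) for k in ("access_token", "refresh_token", "expires_in")}

if __name__ == "__main__":
    # Constructed sample values; service.com is the page's example host.
    url, headers, body = build_ropc_request(
        "https://service.com/oauth/token", "demo-client", "demo-secret",
        "john@example.com", "correct horse")
    print(redact_for_log(headers, body))
    print(parse_token_response(200, '{"access_token": "tok-123", "expires_in": 3600}'))
```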