Authentication and Authorization

The purpose of authentication is to explicitly identify the user of an integration interface. The integration interfaces support several authentication modes to prevent unauthorized access.

Authorization differs from authentication in its approach. Authentication resolves the identity, whereas authorization verifies that users in question are allowed to perform the actions they are trying to carry out. Therefore, it can be assumed that before authorization, the authentication process has taken place.

Select the authentication mode for each interface in the Infrastructure Administrator (IA) tool with Integration Interfaces or Restful Interfaces package variables.

Table 1. Authentication Modes and Authorization Implications

Authentication Mode

Authorization Implications

No authentication

Any request by any consumer will be accepted and serviced by the interface. In other words, no user identification, and therefore no authorization will be performed. No authentication means the integration interface is not protected against unauthorized access.

Note:

The access to integration interface must be protected by some other means, while the authentication mode is set to No Authentication. For example, limit the access to the IP address on network level.

Anonymous Access

Any request by any consumer will be accepted but the interface will only service requests as permitted by the access rights of a pre-configured anonymous Sinch Contact Pro user account. The requesting consumer is not unambiguously identified but some pre-configured identity (anonymous login ID) is assumed. Therefore the interface can execute authorization related checks.

Note:

Protect the access to integration interface by some other means, if you choose the authentication mode Anonymous Access. For example, limit the access to the IP address on network level.

Basic Authentication

Client Certificate Authentication

The requesting interface consumer is unambiguously identified either by a user name/password or by a certificate. The interface will perform authorization-related checks and will only service requests as permitted by the configured Sinch Contact Pro access rights.

OAuth Authentication

Restful interfaces support OAuth authentication.

Added in 1608.

Note:

It is possible to enable several authentication methods at the same time. For instance, basic authentication and anonymous access can be enabled for the same interface. Such a setup would provide the option to use the anonymous account for basic interface requests, and the user / password model could be used for enhanced interface operations. However, the interface will automatically fall back to anonymous access mode if the original request does not contain the user credentials. The interface will not proactively request the user credentials in case the actual SOAP request does not contain them, and anonymous access is enabled.