Experience Platform provides great flexibility in the authentication protocols available to partners and customers. You can configure your destination to support any of the industry-standard authentication methods like OAuth2, bearer token authentication, password authentication, and many more.
This page explains how to set up your destination using your preferred authentication method. Based on the authentication configuration that you use when you create your destination, customers will see different types of authentication pages when connecting to the destination in the Experience Platform UI.
To understand where this component fits into an integration created with Destination SDK, see the diagram in the configuration options documentation or see the following destination configuration overview pages:
Before customers can export data from Platform to your destination, they must create a new connection between Experience Platform and your destination, by following the steps described in the destination connection tutorial.
When creating a destination through Destination SDK, the customerAuthenticationConfigurations
section defines what customers see in the authentication screen. Depending on the destination authentication type, customers must provide various authentication details, such as:
You can configure customer authentication details via the /authoring/destinations
endpoint. See the following API reference pages for detailed API call examples where you can configure the components shown in this page.
This article describes all the supported customer authentication configurations that you can use for your destination, and shows what customers will see in the Experience Platform UI based on the authentication method that you set up for your destination.
The customer authentication configuration does not require you to configure any parameters. You can copy and paste the snippets shown in this page in your API calls when creating or updating a destination configuration, and your users will see the corresponding authentication screen in the Platform UI.
All parameter names and values supported by Destination SDK are case sensitive. To avoid case sensitivity errors, please use the parameters names and values exactly as shown in the documentation.
Refer to the table below for details on which types of integrations support the functionality described on this page.
Integration type | Supports functionality |
---|---|
Real-time (streaming) integrations | Yes |
File-based (batch) integrations | Yes |
When using any of the customer authentication configurations described in this page, always set the authenticationRule
parameter in destination delivery to "CUSTOMER_AUTHENTICATION"
, as shown below.
{
"destinationDelivery":[
{
"authenticationRule":"CUSTOMER_AUTHENTICATION",
"destinationServerId":"{{destinationServerId}}"
}
]
}
Basic authentication is supported for real-time (streaming) integrations in Experience Platform.
When you configure the basic authentication type, users are required to input a username and password to connect to your destination.
To set up basic authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"BASIC"
}
]
When you configure the bearer authentication type, users are required to input the bearer token that they obtain from your destination.
To set up bearer type authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"BEARER"
}
]
Users select Connect to destination to trigger the OAuth 2 authentication flow to your destination, as shown in the example below for the Twitter Custom Audiences destination. For detailed information on configuring OAuth 2 authentication to your destination endpoint, read the dedicated Destination SDK OAuth 2 authentication page.
To set up OAuth2 authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"OAUTH2"
}
]
Amazon S3 authentication is supported for file-based destinations in Experience Platform.
When you configure the Amazon S3 authentication type, users are required to input their S3 credentials.
To set up Amazon S3 authentication for your destination, configure the customerAuthenticationConfigurations
section via the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"S3"
}
]
Azure Blob Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Azure Blob authentication type, users are required to input the connection string.
To set up Azure Blob authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"AZURE_CONNECTION_STRING"
}
]
Azure Data Lake Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Azure Data Lake Storage authentication type, users are required to input the Azure Service Principal credentials and their tenant information.
To set up Azure Data Lake Storage (ADLS) authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"AZURE_SERVICE_PRINCIPAL"
}
]
SFTP authentication with password is supported for file-based destinations in Experience Platform.
When you configure the SFTP with password authentication type, users are required to input the SFTP username and password, as well as the SFTP domain and port (default port is 22).
To set up SFTP authentication with password for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"SFTP_WITH_PASSWORD"
}
]
SFTP authentication with SSH key is supported for file-based destinations in Experience Platform.
When you configure the SFTP with SSH key authentication type, users are required to input the SFTP username and SSH key, as well as the SFTP domain and port (default port is 22).
To set up SFTP authentication with SSH key for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"SFTP_WITH_SSH_KEY"
}
]
Google Cloud Storage authentication is supported for file-based destinations in Experience Platform.
When you configure the Google Cloud Storage authentication type, users are required to input their Google Cloud Storage access key ID and secret access key.
To set up Google Cloud Storage authentication for your destination, configure the customerAuthenticationConfigurations
parameter in the /destinations
endpoint as shown below:
"customerAuthenticationConfigurations":[
{
"authType":"GOOGLE_CLOUD_STORAGE"
}
]
After reading this article, you should have a better understanding of how you can configure user authentication to your destination platform.
To learn more about the other destination components, see the following articles: