Skip to content

StageDefsAuthConfig.md

Latest commit

 

History

History
33 lines (24 loc) · 3.91 KB

StageDefsAuthConfig.md

File metadata and controls

33 lines (24 loc) · 3.91 KB

StageDefsAuthConfig

Authentication configuration for API calls. Defines how to authenticate with external APIs using credentials stored in the organization secrets vault. Credentials are NEVER stored in the stage configuration - only references to vault secrets. ⚠️ CRITICAL SECURITY WARNINGS: - NEVER store actual credentials in configuration - ALWAYS use secret_ref to reference vault secrets - Credentials are encrypted at rest in vault - Decrypted values never appear in logs or API responses How It Works: 1. Store secret via: POST /v1/organizations/secrets 2. Reference secret via: auth.secret_ref in stage config 3. At runtime: Secret is retrieved, decrypted, and injected into request 4. Security: Original secret value never exposed or logged Requirements: - type: REQUIRED, authentication method (none, api_key, bearer, basic, custom_header) - secret_ref: REQUIRED (except for type=none), name of secret in vault - key: REQUIRED (for api_key and custom_header types), header/query param name - location: OPTIONAL (for api_key type), 'header' or 'query' (default: header) Supported Authentication Types: - Bearer tokens (OAuth 2.0, JWT): Most modern APIs - API keys: Weather APIs, Maps, etc. - Basic auth: Legacy systems - Custom headers: Non-standard auth schemes

Properties

Name Type Description Notes
type StageDefsAuthType REQUIRED. Authentication method to use. Options: none (public API), api_key (API keys), bearer (OAuth/JWT), basic (HTTP Basic Auth), custom_header (non-standard headers). See AuthType enum for detailed description of each type. [optional]
secret_ref str REQUIRED (except for type=none). Name of secret in organization vault. The secret must be created first via POST /v1/organizations/secrets. Format: Use the exact secret_name from vault (e.g., 'stripe_api_key'). At runtime, the secret value is securely retrieved and decrypted. The decrypted value is then injected into the request per auth type. SECURITY: NEVER store actual credentials here - only the reference name. Examples: 'stripe_api_key', 'github_pat', 'weather_api_key' [optional]
location str OPTIONAL (for api_key type only). Where to inject the API key. Options: 'header' (recommended, more secure) or 'query' (less secure). Default: 'header' if not specified. Query parameters appear in URLs and logs - use headers when possible. Ignored for other auth types (bearer, basic, custom_header). [optional]
key str REQUIRED (for api_key and custom_header types). Header name or query parameter name for authentication. For api_key with location=header: Header name like 'X-API-Key', 'Authorization'. For api_key with location=query: Query param like 'apikey', 'api_key', 'key'. For custom_header: Any custom header name like 'X-Custom-Auth', 'X-Token'. Ignored for bearer and basic types (use standard headers). Common patterns: 'X-API-Key', 'Authorization', 'X-Auth-Token' [optional]

Example

from mixpeek.models.stage_defs_auth_config import StageDefsAuthConfig

# TODO update the JSON string below
json = "{}"
# create an instance of StageDefsAuthConfig from a JSON string
stage_defs_auth_config_instance = StageDefsAuthConfig.from_json(json)
# print the JSON string representation of the object
print(StageDefsAuthConfig.to_json())

# convert the object into a dict
stage_defs_auth_config_dict = stage_defs_auth_config_instance.to_dict()
# create an instance of StageDefsAuthConfig from a dict
stage_defs_auth_config_from_dict = StageDefsAuthConfig.from_dict(stage_defs_auth_config_dict)

[Back to Model list] [Back to API list] [Back to README]