Platform API and Partner API authentication
Review the different authentication methods that users can employ to successfully make calls to the Boomi Enterprise Platform API and Boomi Enterprise Platform Partner API.
User name and password credentials
Single sign-on (SSO) Administration users and regular users (non-SSO) can authenticate calls to the Boomi Enterprise Platform and Partner APIs using their user name and password credentials in a Basic Auth type authorization.
Boomi Enterprise Platform API tokens
If single sign-on (SSO) users do not have Administrator privileges, they must use API tokens to authenticate any Boomi Enterprise Platform or Partner API calls. Similarly, users that enable two-factor authentication (2FA) on their accounts can authenticate their API calls using a single API token rather than manually entering individual authentication codes per API call.
Regular non-SSO users and administrators who use SSO can also use API tokens to authenticate their API calls. They must follow the same instructions for using the token's value in the request header described below. For instance, use the API token feature if the user wants to limit API calls to a specific account.
Users generate API tokens for their account from the Settings > Account Information and Setup > Boomi Enterprise Platform API Tokens page and use the token's value in place of a password:
- When making manual calls to the Boomi Enterprise Platform or Partner APIs, users must enter the API token value within the password field of a Basic Auth type authorization. In addition, the user name value must be the Boomi Enterprise Platform user name authenticating the request and be in the form of BOOMI_TOKEN.<username>.
- When making automatic calls to the Boomi Enterprise Platform or Partner APIs, users must replace the <username:password> value in the Basic Auth header with BOOMI_TOKEN.<username>:<token_value>.
For example, the following shows a user using an API token to authenticate a GET request made to the Audit Log object:
curl --user "BOOMI_TOKEN.user@boomi.com:123aab45-67b8-9012-3a45-67c8e9e01e23" --request GET 'https://api.boomi.com/api/rest/v1/account123/AuditLog/documentId-321'
https://api.boomi.com/api/rest/v1/{YOUR_ACCOUNT_ID}/Deployment/XXXXX
For more information about API tokens and how to add them to your account, refer to the topics API Tokens and Adding new API Tokens on a user account.
Two-factor authentication
As described in the previous section, you can generate and use an API token to make calls from accounts enabled with 2FA. For any calls that you wish to automate, using API tokens is encouraged.
In some cases, however, you may be making less frequent, ad-hoc calls and do not require the automation benefits that a token provides. For such calls, simply include X-Boomi-OTP as an HTTP header and set the time-based one-time password (TOTP) authentication code as its value. For more information about 2FA, refer to the topic Two-factor authentication and all related subtopics.
JWT authentication tokens
You can generate a JWT token and use it to authenticate calls to certain Boomi Enterprise Platform APIs, the Master Data Hub Repository API, and GraphQL APIs.
To generate a JWT token, you must use HTTP Basic authentication and provide your Boomi Enterprise Platform account user name and password in a GET request to the Boomi Enterprise Platform API.
Send a GET request to https://api.boomi.com/auth/jwt/generate/{accountId}, where {accountId} is the ID of the authenticating account for the request. You can obtain your Enterprise Platform account information in Settings > User Information > Account Information.
JWT tokens expire after 5 minutes. If you make a request with an expired token, you will receive a 401 error.
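The credential forms described on this page (password, API token, password plus X-Boomi-OTP, and the JWT generation request), built as headers in Python without sending anything. This is an added example, not Boomi's code: the function names, the redact helper and the environment variable names BOOMI_USER and BOOMI_API_TOKEN are assumptions, and the account ID, user name and token are the page's own sample values.

```python
import base64
import os

API_BASE = "https://api.boomi.com/api/rest/v1"        # from the page's curl example
JWT_BASE = "https://api.boomi.com/auth/jwt/generate"  # from the JWT section


def basic_auth_value(username, secret, use_token=False):
    """Authorization header value; use_token=True sends BOOMI_TOKEN.<username>."""
    if not username or not secret:
        raise ValueError("user name and secret are both required")
    if ":" in username:
        # Basic Auth splits on the first colon, so a colon here would push
        # part of the user name into the password field.
        raise ValueError("user name must not contain ':'")
    login = f"BOOMI_TOKEN.{username}" if use_token else username
    return "Basic " + base64.b64encode(f"{login}:{secret}".encode()).decode("ascii")


def api_call(account_id, path, username, secret, use_token=False, otp=None):
    """Return (url, headers) for a GET on an object path such as 'AuditLog/<id>'."""
    headers = {"Authorization": basic_auth_value(username, secret, use_token)}
    if otp is not None:
        # Ad-hoc call from a 2FA account: current TOTP code, passed as a
        # string so a leading zero is not lost.
        headers["X-Boomi-OTP"] = otp
    return f"{API_BASE}/{account_id}/{path}", headers


def jwt_generate_call(account_id, username, password):
    """Return (url, headers) for the JWT generation GET (user name and password)."""
    return f"{JWT_BASE}/{account_id}", {"Authorization": basic_auth_value(username, password)}


def redact(headers):
    """Copy of the headers that is safe to log: credential values are masked."""
    secret_names = {"Authorization", "X-Boomi-OTP"}
    return {k: "<redacted>" if k in secret_names else v for k, v in headers.items()}


if __name__ == "__main__":
    # Hypothetical variable names. Secrets come from the environment, not argv;
    # the fallbacks are the page's own sample values, not real credentials.
    user = os.environ.get("BOOMI_USER", "user@boomi.com")
    token = os.environ.get("BOOMI_API_TOKEN", "123aab45-67b8-9012-3a45-67c8e9e01e23")
    url, headers = api_call("account123", "AuditLog/documentId-321", user, token, use_token=True)
    print("GET", url, redact(headers))
```

Reading the token from the environment keeps it out of the process argument list, where a value passed on a command line is visible to other local users.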