Training Day
Integration Fundamentals

Authentication

Understanding common authentication methods for FileMaker integrations

Authentication is a fundamental aspect of any integration project. This page explores common authentication methods you'll encounter when connecting FileMaker to external systems and services.

What is Authentication?

Authentication answers the question "Who are you?" It's the process of verifying the identity of a user, system, or application before allowing access to resources.

In the context of integrations:

  • Your FileMaker solution might need to authenticate to external services
  • External systems might need to authenticate to your FileMaker solution
  • End users might need to authenticate through your integration

Common Authentication Methods

API Keys

Simple token-based authentication, commonly used for server-to-server communication.

When to use API keys:

  • For simple integrations with lower security requirements
  • When working with services that don't support more advanced methods
  • For internal or non-public APIs

OAuth 2.0

Industry-standard authorization framework used by many modern APIs.

When to use OAuth 2.0:

  • When integrating with major platforms (Google, Microsoft, Salesforce, etc.)
  • When you need to access user data on their behalf
  • For more secure and controlled access to resources

We'll be doing a deep dive into OAuth 2.0 during our QuickBooks Online integration example later in the workshop.

JWT (JSON Web Tokens)

Self-contained tokens for secure information exchange.

When to use JWTs:

  • For stateless authentication between services
  • When you need to securely pass information between parties
  • As part of a Single Sign-On (SSO) implementation

Basic Authentication

Simple username/password authentication.

When to use Basic Authentication:

  • For simple internal services
  • When other authentication methods aren't available
  • For testing and development (not recommended for production without HTTPS)

Managing Authentication Credentials

Best Practices for Credential Storage

  • Store credentials in a secured table with limited access
  • Consider encrypting sensitive credentials when storing
  • Implement a credential rotation strategy
  • Separate development and production credentials

Choosing the Right Authentication Method

Consider these factors when selecting an authentication approach:

  1. Security requirements: What level of security does your data need?
  2. Service requirements: What methods does the target service support?
  3. User experience: Will users need to authenticate directly?
  4. Implementation complexity: What resources do you have available?
  5. Maintenance overhead: How will credentials be managed long-term?

Practical Tips

  • Always use HTTPS/TLS for any authentication to protect credentials in transit
  • Keep credentials out of your scripts when possible
  • Implement token refresh processes for expiring credentials
  • Plan for credential rotation as part of system maintenance
  • Document your authentication approach for future developers

API

API's are a foundation of most but not all integrations.

Source of Truth

Establishing authoritative data sources and managing data ownership

On this page