Update API Authentication Configuration

Used to update the authentication configuration for an API tool. This endpoint allows you to configure various authentication methods including API tokens, OAuth2, basic authentication, and custom headers.

API Endpoint

Property	Value
Request Method	`POST`
Request URL	`https://api.seliseblocks.com/tools/api-auth-config/{tool_id}`

Request

Request Example

curl -X POST 'https://api.seliseblocks.com/tools/api-auth-config/tool_weather_api' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "auth_config": {
      "AuthType": "api_key",
      "APIToken": "your_api_token_here",
      "AuthKeyLocation": "header",
      "AuthKeyName": "X-API-Key",
      "AuthKeyPrefix": "",
      "Username": null,
      "Password": null,
      "OAuth2Config": null,
      "CustomHeaders": {
        "User-Agent": "MyApp/1.0"
      },
      "CustomQueryParams": {}
    },
    "headers": {
      "Content-Type": "application/json",
      "Accept": "application/json"
    },
    "project_key": "YOUR_PROJECT_KEY"
  }'

Request Headers

Field	Type	Required	Description
accept	string	Yes	Accepted response format. Use `application/json`
Content-Type	application/json	Yes	Data type, must be `application/json`.

Path Parameters

Field	Type	Required	Description
tool_id	string	Yes	Unique identifier of the API tool to configure authentication for.

Request Body

Request Body Schema

{
  "auth_config": {
    "AuthType": "none",
    "APIToken": "string",
    "AuthKeyLocation": "header",
    "AuthKeyName": "string",
    "AuthKeyPrefix": "string",
    "Username": "string",
    "Password": "string",
    "OAuth2Config": {
      "ClientID": "string",
      "ClientSecret": "string",
      "TokenURL": "string",
      "Scopes": ["string"],
      "RefreshToken": "string",
      "AccessToken": "string",
      "TokenExpiresAt": "2026-01-11T13:31:52.680Z",
      "GrantType": "client_credentials",
      "AuthorizationEndpoint": "string",
      "RedirectURI": "string",
      "PKCEConfig": {
        "CodeVerifier": "string",
        "CodeChallenge": "string",
        "CodeChallengeMethod": "S256"
      },
      "State": "string",
      "Nonce": "string"
    },
    "CustomHeaders": {},
    "CustomQueryParams": {}
  },
  "headers": {},
  "project_key": "string"
}

Request Body Parameters

Field	Type	Required	Description
auth_config	object	Yes	Authentication configuration object.
headers	object	No	Default headers to include in all API requests.
project_key	string	Yes	The project key for your project.

Authentication Configuration Fields

Field	Type	Description
AuthType	string	Type of authentication (none, api_key, basic, bearer, oauth2).
APIToken	string	API token/key for authentication.
AuthKeyLocation	string	Location of auth key (header, query).
AuthKeyName	string	Name of the authentication key/header.
AuthKeyPrefix	string	Prefix for the auth value (e.g., "Bearer ", "Token ").
Username	string	Username for basic authentication.
Password	string	Password for basic authentication.
OAuth2Config	object	OAuth2 configuration object (see below).
CustomHeaders	object	Custom headers to include in requests.
CustomQueryParams	object	Custom query parameters to include in requests.

OAuth2 Configuration Fields

Field	Type	Description
ClientID	string	OAuth2 client ID.
ClientSecret	string	OAuth2 client secret.
TokenURL	string	URL to obtain access tokens.
Scopes	array	Array of OAuth2 scopes to request.
RefreshToken	string	Refresh token for obtaining new access tokens.
AccessToken	string	Current access token.
TokenExpiresAt	string	ISO 8601 timestamp when the access token expires.
GrantType	string	OAuth2 grant type (client_credentials, authorization_code, password).
AuthorizationEndpoint	string	Authorization endpoint URL (for authorization_code flow).
RedirectURI	string	Redirect URI for OAuth2 callback.
PKCEConfig	object	PKCE configuration for enhanced security.
State	string	State parameter for CSRF protection.
Nonce	string	Nonce value for additional security.

PKCE Configuration Fields

Field	Type	Description
CodeVerifier	string	Code verifier for PKCE.
CodeChallenge	string	Code challenge derived from verifier.
CodeChallengeMethod	string	Method used for code challenge (S256, plain).

Authentication Types

1. No Authentication

{
  "auth_config": {
    "AuthType": "none"
  },
  "project_key": "YOUR_PROJECT_KEY"
}

2. API Key Authentication (Header)

{
  "auth_config": {
    "AuthType": "api_key",
    "APIToken": "your_api_token_here",
    "AuthKeyLocation": "header",
    "AuthKeyName": "X-API-Key",
    "AuthKeyPrefix": ""
  },
  "project_key": "YOUR_PROJECT_KEY"
}

3. Bearer Token Authentication

{
  "auth_config": {
    "AuthType": "bearer",
    "APIToken": "your_bearer_token_here",
    "AuthKeyLocation": "header",
    "AuthKeyName": "Authorization",
    "AuthKeyPrefix": "Bearer "
  },
  "project_key": "YOUR_PROJECT_KEY"
}

4. Basic Authentication

{
  "auth_config": {
    "AuthType": "basic",
    "Username": "your_username",
    "Password": "your_password"
  },
  "project_key": "YOUR_PROJECT_KEY"
}

5. OAuth2 Client Credentials

{
  "auth_config": {
    "AuthType": "oauth2",
    "OAuth2Config": {
      "ClientID": "your_client_id",
      "ClientSecret": "your_client_secret",
      "TokenURL": "https://auth.example.com/oauth/token",
      "GrantType": "client_credentials",
      "Scopes": ["read", "write"]
    }
  },
  "project_key": "YOUR_PROJECT_KEY"
}

6. OAuth2 Authorization Code with PKCE

{
  "auth_config": {
    "AuthType": "oauth2",
    "OAuth2Config": {
      "ClientID": "your_client_id",
      "ClientSecret": "your_client_secret",
      "TokenURL": "https://auth.example.com/oauth/token",
      "AuthorizationEndpoint": "https://auth.example.com/oauth/authorize",
      "RedirectURI": "https://yourapp.com/callback",
      "GrantType": "authorization_code",
      "Scopes": ["read", "write"],
      "PKCEConfig": {
        "CodeVerifier": "generated_code_verifier",
        "CodeChallenge": "generated_code_challenge",
        "CodeChallengeMethod": "S256"
      },
      "State": "random_state_string"
    }
  },
  "project_key": "YOUR_PROJECT_KEY"
}

Response

Success Response (200 OK)

Returns an object containing the authentication configuration update status.

{
  "is_success": true,
  "item_id": "tool_weather_api",
  "detail": "API authentication configuration updated successfully",
  "error": {}
}

Response Fields

Field	Type	Description
is_success	boolean	Indicates whether the operation was successful.
item_id	string	Unique identifier of the tool that was configured.
detail	string	Success or failure message with additional context.
error	object	Error details if the operation failed (empty if successful).

Error Response (422 Unprocessable Entity)

Returns validation error details when the request body is invalid.

{
  "detail": [
    {
      "loc": [
        "body",
        "auth_config",
        "AuthType"
      ],
      "msg": "invalid authentication type",
      "type": "value_error.str.regex"
    }
  ]
}

Error Response Fields

Field	Type	Description
detail	array	Array of validation error objects.
loc	array	Location of the error in the request (e.g., path, body).
msg	string	Human-readable error message.
type	string	Error type identifier.

Error Codes

Status Code	Description	Response Type
200	Successful Response	Success
400	Bad Request - Invalid authentication config	Bad Request
404	Not Found - Tool does not exist	Not Found
422	Validation Error - Invalid request parameters	Unprocessable Entity

warning

Security Best Practices

Never expose credentials: Store API keys, tokens, and secrets securely
Use HTTPS: Always use HTTPS for API endpoints requiring authentication
Rotate credentials: Regularly rotate API keys and tokens
Least privilege: Request only the OAuth2 scopes necessary for your use case
Token expiration: Implement proper token refresh logic for OAuth2
PKCE for public clients: Always use PKCE for OAuth2 authorization code flow in public clients
Validate tokens: Implement token validation on the server side
Monitor access: Log and monitor API authentication attempts

tip

Authentication Type Selection

none: For public APIs that don't require authentication
api_key: For simple API key-based authentication
bearer: For JWT tokens or similar bearer token schemes
basic: For username/password authentication (use with HTTPS only)
oauth2: For secure, delegated access with token refresh capabilities

Custom Headers and Query Parameters Use CustomHeaders and CustomQueryParams to add additional authentication-related headers or parameters required by specific APIs (e.g., API version headers, client identifiers).

API Endpoint​

Request​

Request Example​

Request Headers​

Path Parameters​

Request Body​

Request Body Schema​

Request Body Parameters​

Authentication Configuration Fields​

OAuth2 Configuration Fields​

PKCE Configuration Fields​

Authentication Types​

1. No Authentication​

2. API Key Authentication (Header)​

3. Bearer Token Authentication​

4. Basic Authentication​

5. OAuth2 Client Credentials​

6. OAuth2 Authorization Code with PKCE​

Response​

Success Response (200 OK)​

Response Fields​

Error Response (422 Unprocessable Entity)​

Error Response Fields​

Error Codes​