Using Airbyte Connector Builder with OAuth2 Bearer Token Authentication


Exploring the possibility of using Airbyte Connector Builder to connect to an API with OAuth2 bearer token authentication that expires every 5 hours.


Hi guys,
is there a way to use airbyte no code connector builder to connect to a API that uses Oauth2 bearer token authentication that expires every 5 hours.

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want to access the original thread.

Join the conversation on Slack

["airbyte", "connector-builder", "oauth2", "bearer-token", "authentication", "api"]

Yes, you can use Airbyte’s No Code Connector Builder to connect to an API that uses OAuth2 bearer token authentication. The Connector Builder supports various authentication methods, including OAuth. When configuring the OAuth authentication, you can specify the Token expire property date format. If not specified, the expiry property is interpreted as the number of seconds the access token will be valid. You can also specify the Access token property name, which is the name of the property in the response that contains the access token to do requests. If not specified, it’s set to access_token. However, keep in mind that the OAuth authentication method does not implement a single-click authentication experience for the end user configuring the connector. It will still be necessary to obtain client id, client secret, and refresh token from the API and manually enter them into the configuration form. Here is an example of how you can set up the OAuth authentication in your YAML schema: yaml authenticator: type: OAuthAuthenticator token_refresh_endpoint: "<>" client_id: "{{ config['client_id'] }}" client_secret: "{{ config['client_secret'] }}" refresh_token: "{{ config['refresh_token'] }}" access_token_name: "access_token" expires_in_name: "expires_in" Please refer to the Authentication section in the Airbyte documentation for more detailed information.

<@U04SE163WC8> This API does not require a refresh token. Only a client-id and client-secret

Based on the information provided in the extracts, it seems that most APIs integrated with Airbyte require not only a client_id and client_secret, but also a refresh_token or access_token for authentication. However, the specific API you’re referring to isn’t mentioned in the extracts, so I can’t provide a definitive answer. For example, the Notion, Google Ads, LinkedIn Pages, Zoho CRM, Bing Ads, and Okta sources all require a refresh_token or access_token in addition to the client_id and client_secret. Please refer to the specific documentation for your API to understand its authentication requirements.


A message from|

I’m sorry, but the information provided in the extracts does not include details about the specific API you’re referring to ( Therefore, I’m unable to provide a confident answer based on the given extracts. For accurate information, please refer to the specific API documentation or the Airbyte Connector Development documentation for general guidelines on how Airbyte handles different types of authentication.

<@U04SE163WC8> this is the documentation – Authenticating with the Candid Health API.
Candid Health utilizes the <|OAuth 2.0 bearer token authentication scheme> in our auth flow. You obtain the bearer token for all subsequent API requests via the /auth/token endpoint defined below, which requires you to provide your client_id and client_secret. Your client_id and client_secret are provided to you during the Candid onboarding process.
The bearer token should be provided in the Authorization header for all subsequent API calls.
The bearer token expires 5 hours after it has been created. After it has expired, the client will receive an “HTTP 401 Unauthorized” error, at which point the client should generate a new token. It is important that tokens be reused between requests; if the client attempts to generate a token too often, it will be rate-limited and will receive an “HTTP 429 Too Many Requests” error.

New message text here