A credential object is a piece of data that stores authentication information such as usernames and passwords, certificates, API keys, tokens, etc. that are used to securely manage and transmit authentication details and access different services and resources.
FlowForce Server supports the following protocols:
•SFTP (Advanced Edition)
If you have licensed MapForce and MapForce Server to run mappings as FlowForce Server jobs, you can create credential objects not only in FlowForce Server, but also in MapForce at mapping-design time. You can optionally deploy credentials created in MapForce to FlowForce Server, together with the mapping where they belong or as individual objects. A deployed credential does not necessarily have to store any sensitive data such as a username and password.
For information about creating credentials in MapForce and deploying them to FlowForce Server, refer to the MapForce documentation (https://www.altova.com/documentation). For details about setting or overriding credentials in mapping jobs, see Credentials in Mapping Functions.
Users can refer to credentials from jobs only if they have the relevant permissions granted. To make credentials from a specific container accessible to a user or role, administrators must grant the Credentials - Use permission to that user or role (see How Permissions Work).
Because the clear text password needs to be sent to the operating system's login function, passwords are stored in a reversible encrypted form in the FlowForce Server database. The administrator should make sure to restrict access to the FlowForce Server's database file, see FlowForce Server Application Data.
FlowForce Server supports the following types of credentials:
•Password (the combination of a username and password)
•OAuth 2.0 (Advanced Edition)
•SSH Key (Advanced Edition)
In FlowForce Server, you can define credentials every time you create a new job (i.e., local credentials) or create standalone (i.e., reusable) credential objects. In the case of standalone credentials, when you create a job, you can refer to the credentials defined previously instead of entering them again. Standalone credentials are also convenient, because you can update them easily in one place when they change, and this change will affect all jobs that use that credential reference.
Password credentials are required by each job; they make it possible to run the job as a particular operating system user. Specifically, when you create a job in FlowForce Server, you must supply the credentials of the user account with which the job must be executed. Note that if the user account does not have sufficient rights on the operating system, the job cannot execute successfully. Password credentials are also required when you call built-in FTP functions, where authorization to an FTP server is required. File watch triggers also require password credentials.
For details about password credentials, see Credential Type: Password.
OAuth 2.0 credentials (Advanced Edition)
OAuth 2.0 credentials are necessary in jobs that call Web services where OAuth 2.0 is required. OAuth 2.0 credentials can be defined only as standalone (not local) credentials and subsequently be referenced from any jobs where they are required. For more information about OAuth 2.0 credentials, see Credential Type: OAuth 2.0.
SSH Key credentials (Advanced Edition)
An SSH Key is a credential type that is valid only for SFTP. The main principle of this type is based on the usage of a unique pair of keys: the public key encrypts the message, the server receives it, and the private key helps decrypt this message. The credential can be used to authenticate SFTP connections. For details, see the section /system/sftp.
For more information about SSH Key credentials, see Credential Type: SSH Key.