Authentication
Authenticating to the DealHub API ecosystem is primarily handled through a secure, token-based system. However, the specific method can vary depending on whether you are making a call to DealHub or receiving a call from DealHub. This guide provides a conceptual overview of the different authentication patterns.
Standard API Authentication (Inbound)
For most system-to-system integrations where an external application calls a DealHub API endpoint, authentication uses a DealHub Authentication Token.
This method applies to the following APIs:
- Quote Open API
- Version Open API
- User Open API
- Pricing API
- Generate Quote and Actions API
- Partner API
How it Works
This process ensures that only authorized applications can access your DealHub data. It involves generating a secret key in DealHub and using it in your application's API requests.
API Key visibility
Make sure to copy your key as soon as you add it; you will not be able to see it again.
- First, a CPQ administrator generates a secret DealHub Authentication Token within the DealHub system settings. To do this, navigate to Control Panel > System Settings > API Settings and click Add.
- Securely share this token with your consuming application, which will be sending requests to DealHub.
- For every API request, include the token in the Authorization header as a Bearer token.
The following code snippet shows the use of the token in the request header to get all versions.
curl --location 'https://<YOUR_DEALHUB_URL>/api/v1/versions' \
--header 'Authorization: Bearer <SECRET_TOKEN_PROVIDED_BY_CPQ_ADMIN>'
If the token is missing or invalid, DealHub returns an HTTP 403 Unauthenticated error.
Outbound Call Authentication (From DealHub)
When DealHub calls an external system (for example, for a WebHook, External Query, or Callout), the authentication method is configured within DealHub to match the requirements of the receiving endpoint.
The DealHub administrator can specify one of the following authentication types:
- Token: DealHub sends a secret bearer token in the Authorization header. Use this when the external endpoint is secured by a bearer token. This method uses the following header format:
- Basic: DealHub sends a username and password for Basic Authentication.
- None: Use this if the external endpoint does not require authentication or uses a different security method, such as a Shared Access Signature (SAS) token embedded directly in the URI.
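On the receiving side, the endpoint has to check whatever DealHub was configured to send. The following is an added example, not DealHub code: a header check for the Token and Basic types that compares secrets in constant time and fails closed on anything malformed. The function name, the sample secrets, and the assumption that the Token type arrives as `Authorization: Bearer <token>` are illustrative and not taken from this page.

```python
import base64
import binascii
import hmac
from typing import Optional

# Constructed sample secrets; in practice load these from a secret store.
EXPECTED_TOKEN = "example-token-not-real"
EXPECTED_USER, EXPECTED_PASSWORD = "dealhub-callout", "example-password-not-real"


def _same(a: str, b: str) -> bool:
    """Constant-time comparison so response timing does not leak the secret."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def verify_authorization(header: Optional[str], auth_type: str) -> bool:
    """Return True only if the Authorization header matches the configured type.

    auth_type is "token" or "basic", mirroring the Token and Basic options
    an administrator selects in DealHub for the outbound call.
    """
    if not header:
        return False
    scheme, _, credentials = header.strip().partition(" ")
    credentials = credentials.strip()
    if not credentials:
        return False

    if auth_type == "token":
        # Assumed format: "Bearer <token>".
        return scheme.lower() == "bearer" and _same(credentials, EXPECTED_TOKEN)

    if auth_type == "basic":
        if scheme.lower() != "basic":
            return False
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return False  # malformed base64 or non-UTF-8 bytes
        user, sep, password = decoded.partition(":")
        if not sep:
            return False
        # Evaluate both comparisons before combining, so neither is skipped.
        user_ok = _same(user, EXPECTED_USER)
        password_ok = _same(password, EXPECTED_PASSWORD)
        return user_ok and password_ok

    return False  # unknown or "none" type: fail closed
```

An endpoint configured with the None type cannot rely on this check and needs its own control, such as the SAS token in the URI mentioned above.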
Partner API Authentication (PRM Integration)
Integrating a Partner Relationship Management (PRM) or partner portal involves a unique, two-step authentication process designed to securely grant partner users access to DealHub.
This flow consists of two main requests:
- Authenticate User (Server-to-Server): Your partner system initiates a POST request to the /api/v1/authenticate/user endpoint. This request includes a long-lived authentication key (shared by the DealHub admin) and the partner's user information in the request body.
- Receive One-Time Token: DealHub validates the request and returns a short-lived (60 seconds) access token.
- Open DealHub CPQ: The one-time access token received from DealHub should be securely passed to the client. The client then makes a request to /api/v1/open/quote or /api/v1/create/quote using the token as a Bearer Token in the Authorization header. This request must come from the client side so that DealHub can return both a redirect URL and set a cookie in the browser, allowing the user to be automatically logged in to the DealHub portal.
- Get Redirect URL: DealHub returns a unique URL that redirects the authenticated partner user to the appropriate page within the DealHub portal.
This process ensures that partner users are securely authenticated through the partner portal without needing direct DealHub login credentials.