Set up Client credentials, Redirect URI, Scope, Endpoints, and Grant type.

• Client Credentials: The Client ID and Client Secret are generated in the target endpoint. This acts as the unique identity for your SnapLogic "client" integration.
• Redirect URI: SnapLogic dynamically generates the redirect URI based on the Snap Pack, and you must add this to the corresponding OAuth2 application on the server side. For example:

  • https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/msdynamics365fo

  • https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/msdynamics365fo

• Scope: Define the specific permissions your integration requires (for example, read, write, crm.objects). This ensures SnapLogic only accesses what is necessary for your pipeline.
• Endpoints: You must provide the Authorization URI (to verify the user) and the Token URI (to exchange the code for the actual key).
• Grant Type: The most commonly used grant type is Authorization Code (for user-authenticated access) or Client Credentials (for machine-to-machine access).

Initiate the OAuth2 flow through the Authorize button (trigger the actual approval process).

• Authorize: Within your SnapLogic Account settings, click the Authorize button. This launches a secure pop-up window connecting to the target endpoint.
• User Consent: You (or a system admin) must log in to the external application and explicitly click Allow to grant SnapLogic permission to act on your behalf.
• Callback: Once approved, the application sends a temporary authorization code back to SnapLogic via the configured Redirect URI.

Once the user consents, the SnapLogic Platform automatically retrieves access and refresh tokens.

• Exchange: SnapLogic immediately sends that authorization code to the Token URI.
• Storage: The API returns an Access Token (the active key to the data) and a Refresh Token (the key to generate new access tokens).
• Encryption: SnapLogic securely stores these tokens within the account metadata. They are now ready to be used by any pipeline you build that references this account.

Automatic refresh before expiration (if enabled).

• Proactive Refresh: Access tokens are usually short-lived (for example, 60 minutes). If Auto-refresh is enabled, SnapLogic monitors the expiration timestamp.
• Zero Downtime: Before the token expires, SnapLogic uses the Refresh Token to request a new Access Token in the background. This happens without interrupting your running pipelines.
  Note: The SnapLogic Platform refreshes OAuth2 tokens every 10 minutes, but these tokens will expire within the next 20 minutes. The existing tokens are replaced with the ones returned during the refresh.

With the tokens generated and managed, your integration is ready for production.

• Header Injection: When your Snap (such as a HTTP Client or ServiceNow Read) executes, it automatically references the OAuth2 account you created.
• Standardized Format: SnapLogic automatically adds the token to the HTTP Request header, typically as:

  Authorization: Bearer <your_access_token>

• Error Handling: If a request fails due to an expired token, SnapLogic can automatically attempt a refresh and retry the request.