Authentication
Configuring authentication schemes happens in the api.yml
file. All Fern-generated SDKs support both direct configuration and environment variables for authentication credentials.
To add an authentication scheme, specify the authentication method under the auth-schemes
section.
To apply an authentication scheme across all endpoints, reference the auth-scheme
within the auth
section of your api.yml
file.
Bearer authentication
Start by defining a Bearer
authentication scheme in api.yml
:
This will generate an SDK where the user would have to provide
a mandatory argument called token
.
If you want to control variable naming and the environment variable to scan, use the configuration below:
The generated SDK would look like:
Basic authentication
Start by defining a Basic
authentication scheme in api.yml
:
This will generate an SDK where the user would have to provide
a mandatory arguments called username
and password
.
If you want to control variable naming and environment variables to scan, use the configuration below:
The generated SDK would look like:
Custom header (e.g. API key)
You can also create your own authentication scheme with customized headers.
This will generate an SDK where the user would have to provide
a mandatory argument called apiKey
.
If you want to control variable naming and environment variables to scan, use the configuration below:
The generated SDK would look like:
OAuth client credentials
Pro and Enterprise feature
This feature is available only for the Pro and Enterprise plans. To get started, reach out to support@buildwithfern.com.
If your API uses OAuth, you can specify an oauth scheme in api.yml
and define a token retrieval endpoint in a separate auth.yml
file (example).
The request-properties
and response-properties
map OAuth standard parameters to your actual endpoint’s request and response field names defined in auth.yml
.
If the expires-in
property is set, the generated OAuth token provider will automatically refresh the token when it expires. Otherwise, it’s assumed that the access token is valid indefinitely.
The corresponding auth.yml
file (example) defines the token endpoint:
With this, all of the OAuth logic happens automatically in the generated SDKs. As long as you configure these settings, your client will automatically retrieve an access token and refresh it as needed.
When using the docs playground, token-header
and token-prefix
can optionally be set to customize the header key name and
header value prefix, to match the expected format of the API auth scheme.
For example, the following would produce a header Fern-Authorization: Fern-Bearer <token>
: