Authentication for External Deployments
When creating external Deployments to connect your externally deployed models to Deeploy, you will need to configure the appropriate authentication method. This document outlines the various authentication options available to securely connect to your external models.
For more information about external Deployments, see Deployment types.
Authentication Methods
Choose from the following authentication methods depending on then authentication required to interact with the externally hosted model.
Basic Authentication
Authenticate to the provided URL using HTTP basic authentication.
- Provide a
username
andpassword
- Deeploy will base64 encode these credentials (
username:password
) - The encoded string is added to the HTTP request in the Authorization header:
Authorization: Basic {base64_encoded_credentials}
For example,
username: apiuser
password: secret123
results in the header: Authorization: Basic YXBpdXNlcjpzZWNyZXQxMjM=
.
Bearer Token
Authenticate using a token-based authentication scheme, commonly used with OAuth 2.0 and JWT.
- Provide your token in the
password
field - The token is added to the HTTP request in the Authorization header:
Authorization: Bearer {token}
For example,
password: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
results in the header: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
.
Custom Header
Use a custom HTTP header for authentication when standard methods don't meet your requirements.
- The
username
field specifies the custom header name - The
password
field provides the header value - Useful for APIs requiring non-standard authentication headers
For example,
username: api-key
password: abcd1234
results in the header: api-key: abcd1234
.
This is particularly relevant for services like Azure OpenAI as shown in our OpenAI integration example.
OAuth Client Credentials
Authenticate using the OAuth 2.0 client credentials flow, suitable for server-to-server authentication.
- Provide your OAuth client credentials:
username
: client_idpassword
: client_secrettokenURL
: the OAuth token endpoint
- Deeploy will request an access token from the specified token endpoint with:
grant_type
: client_credentialsscope
: all-apis
- The received
access_token
is added to the HTTP request in the Authorization header:Authorization: Bearer {access_token}
Note: Currently, only bearer token types are supported.
For example,
username: client_12345
password: client_secret_67890
tokenURL: https://auth.example.com/oauth/token