Our New Open Source OAuth Integrations Manager

Within my company, Bearer, the whole team is focused on helping developers that rely on third-party APIs. In 2019, our engineers developed a solution that eased how to integrate with any API that uses OAuth.

It saved hours of engineering time when working with API integrations, by handling both the authentication strategy (with refresh tokens) as well as proxying the request.

As we believe no developers should ever have to spend hours dealing with the ins and outs of integrating OAuth API, we’ve decided to fully open-source our tool. Introducing Pizzly: The OAuth Integration Proxy.

What is Pizzly?

Pizzly is an OAuth Integrations Manager. It provides everything a developer needs to easily consume an OAuth-based API (aka an API that uses OAuth as the authentication method).

Most APIs now use the OAuth framework to authorize an application that wants to access a user's data. One of the main reasons is that OAuth provides the best user experience while being very secure. But one thing has been totally forgotten in the OAuth framework: the developer experience.

It is much more difficult for a developer to use an OAuth based API than it is to use an API that relies on an API Key. Try timing yourself on how long it takes to integrate with two APIs. Let's see how long it takes to have your first successful request to the Stripe API compared to the Google Sheets API.

It took me around 43 minutes and 19 seconds to perform an authenticated request to Google Sheets starting from scratch (source). And only 5 minutes for Stripe (source). We should change that.

Pizzly aims to provide the best developer experience when using an OAuth-based API. One of its power-features is that it completely handles the OAuth-dance (including refreshing a token), meaning a developer can focus on requesting endpoints without spending hours dealing with authentication.

Here's the same test using Pizzly:

It took me almost the same amount of time (5 min vs 7 min) to perform an authenticated request to the Google Sheets API compared with Stripe, starting from scratch with Pizzly. Again, here's the source. And contrary to the previous test, using Pizzly means the token will be refreshed once expired.

How does it work?

Pizzly provides multiple tools to help developers with their API integrations, including:

• an auth service - to handle the OAuth-dance;
• a proxy - to make authenticated requests to an API;
• a dashboard - to enable and configure APIs;
• a JS library - to connect a user from your frontend.

The two major services are Auth and Proxy:

1. The auth service handles the OAuth-dance and generates what is called an authId each time a user has successfully authorized your OAuth application. The authId acts as a reference to the OAuth payload (i.e. access token and refresh token). While the access token and refresh token expire and change over time, the authId is always the same. Think of it as something like a user identity.
2. The proxy service forwards HTTP requests to the third-party APIs. To authenticate the request, the developer sends the authId alongside. This tells the proxy service to transform the request and authenticate it with the right access token. In case it has expired, Pizzly will refresh the token and retry the request.

Another great tool that Pizzly brings is the dashboard.

The dashboard lets you configure your integrations, test them, and look at what's happening.

How to use it?

Pizzly is self-hosted, meaning you can install it on your machine or
any platform-as-a-service (e.g. Heroku, AWS, etc.). Here's a guide on how to get started.

Once installed, enable an API from the list and trigger a complete
OAuth-dance in a few lines of code using the Pizzly JS library:

// Initialize Pizzly
const pizzly = new Pizzly({ host: "pizzly.example.org" }) 
const api = pizzly.integration('api')

// Connect a user to an API
api
  .connect()
  .then(({ authId }) => console.log("Sucessfully connected!", authId))
  .catch((error) => console.error("It failed!", error))

When a user is successfully connected, you retrieve an authId that you can use to make authenticated requests to the API. Here's a cURL on how to make a request to the Google Sheets API to create a spreadsheet on the user's drive:

curl -X POST /proxy/google-sheets/ \
 -H "Pizzly-Auth-Id: REPLACE-WITH-YOUR-AUTH-ID"

No matter what your backend is running on (Ruby, Go, Node.js), send your requests to the proxy. It makes integrating APIs much faster. You can even perform your calls from your frontend, with the JS client.

Some demo

Some great project are already using Pizzly to handle the API requests:

• Airtable Shipping Block
• Push to Google Sheets
• GitHub fetch profile (tutorial) in React or Vue.js

Psst. At Bearer.sh, Pizzly is a full part of our API integrations flow, to manage Slack notifications for example.

How it can help you?

Pizzly supports more than 50 APIs out-of-the-box. All you need to do
is set your credentials and scopes in the dashboard. This list includes
the most common APIs, such as:

• Communication APIs: Gmail, Microsoft Teams, Slack, Zoom;
• CRM: Front, Hubspot, Salesforce, etc.
• Developer tools: BitBucket, GitHub, GitLab, etc.
• Finance APIs: Xero, Sellsy, Zoho Books, etc.
• Productivity: Asana, Google Drive, Google Sheets, Jira, Trello, etc.
• Social APIs: Facebook, LinkedIn, Reddit, etc.
• and more...

But that's not all. Each pre-configured API is a .json file located within the /integrations/ folder. So if you want an API that is not pre-configured yet, you can set up the configuration as a new .json file within that directory. If ever you feel like sharing, create a new PR to share your own configuration with the community.

Built with

• Node.js ⚡️
• Passport.js - To handle the OAuth dance
• Knex - To manage requests to the database 📃
• EJS - For the dashboard templating ⚙️
• Vanilla JavaScript - For some magic 🍦

Support us

Star the repo on GitHub, Tweet, share among your friends, teams and contacts!

You can also get in touch directly with me via email at [email protected] or on Twitter @frenchcooc. And if you really want to help us make Pizzly better, contribute to the GitHub repo!

Previously published at https://blog.bearer.sh/introducing-pizzly-oauth-proxy/