Deprecation Notice
Transition from Basic Authentication to OAuth 2.0 with Client Credentials for Cogito APIs
As a part of our ongoing commitment to security, performance and continuous improvement of the Cogito Platform/APIs, with the release of 24.5 we are announcing the deprecation of the Basic Authentication method used for accessing Cogito APIs. This announcement will impact existing integrations with Cogito’s User Management API, Redact API (telephony supported audio redaction) and Notifications API specifically.
Moving forward, we strongly encourage all integrations to migrate to using OAuth 2.0 with Client Credentials for authentication purposes.
Why the Change?
OAuth 2.0 with Client Credentials offers a more robust security framework compared to Basic authentication. With OAuth 2.0, authentication tokens are used instead of transmitting sensitive credentials with each request. This significantly reduces the risk of unauthorized access and enhances the overall security posture of your applications.
Additionally, OAuth 2.0 has become the industry standard for API authentication due to its versatility, scalability, and security features. OAuth 2.0 not only compliments mTLS but also streamlines the authentication process as well. By adopting OAuth 2.0 with Client Credentials, you align your integration with widely accepted best practices and ensure compatibility with future updates and API enhancements.
Timeline for Deprecation
Deprecation Date: Cogito Month Feature Release 24.5 (May)
End of Support Date & Removal: Cogito Month Feature Release 24.11 (November)
Support
We understand that migrating authentication methods will require adjustments/development work to your existing applications integrated with Cogito. To assist you with this transition, we have prepared the following documentation and resources:
- What is OAuth and what client credentials grant?
- How to Access APIs using OAuth to answer how to access the Cogito APIs using this new authentication method
Our Technical Services Team (TS) will be available to provide guidance and address any questions or concerns you may have throughout the transition process.
Please take action before the specified end of support date to ensure uninterrupted access to the Cogito APIs and to maintain the security and performance of your integrations.
Updated 6 months ago