Credential Center

This guide explains how to store, manage, and use credentials in the Credential Center for secure authentication across your workflow tasks.

What is the Credential Center?

The Credential Center is a centralized console within Nutrient Workflow Automation where you can store system-level credentials securely.

Why use the Credential Center?

The Credential Center provides security by enabling admins and developers to avoid exposing credentials in plain text. Only system admins can access stored credentials. The Credential Center also enables admins to collect and save all credentials in one centralized place rather than having them scattered across the platform.

Access the Credential Center

Select the gear icon at the upper right corner of your Nutrient Workflow Automation panel, and select Credential Center in the drop-down list.

Add a credential

Select Add Credentials, specify Resource Name, Description (optional), and Credential Type. The Credential Type can be Bearer token, API Key, Username/Password, Access/Secret key pair, or Token-Based Authentication (OAuth 1.0a).

Select Save.

• Bearer Token and API Key — Commonly used for REST Client or Web Service tasks for making API requests.
• Username/Password — Used for Database Sources, or REST Client/Web Service tasks depending on the authentication method of the API.
• Access/Secret key pair — Used for calling AWS Lambda functions.
• Token-Based Authentication — Used for OAuth 1.0a APIs and other services that accept OAuth 1.0a signatures.

For existing customers, the system automatically converted all existing Database Sources and Lambda credentials into resources.

Use credentials in tasks

You can use the stored credentials in various tasks across Nutrient Workflow Automation.

Database source

1. Add a database connection.
2. Enter the information required for a database connection.
3. Select a database credential from the drop-down list.
4. Test connection and select Save.

AWS Lambda task

In the Settings tab of your AWS Lambda task, select an AWS key you pre-defined in the Credential Center.

Note that this AWS key is for your custom Lambda functions. Currently there’s no way to store personal credentials required for some Nutrient Workflow Automation public Lambda functions such as Push a File to Sharepoint.

REST Client task

In the Request Parameters tab of your REST Client task, select Credential Center as a source. Choose the right credential for the request you’re making, whether it’s an API key, Bearer token, or Username/Password based on the authentication method of the API.

Token-Based Authentication (OAuth 1.0a)

Token-Based Authentication (TBA) provides secure API authentication for services that use OAuth 1.0a with Hash-based Message Authentication Code (HMAC) signatures.

Create TBA credentials

1. Select Add Credentials.
2. Enter a descriptive Resource Name (for example, "Production API").
3. Select Token-Based Authentication (OAuth 1.0a) as the Credential Type.
4. Fill in the required OAuth 1.0a credentials:
   • Consumer Key — OAuth consumer key from your API provider.
   • Consumer Secret — OAuth consumer secret (kept secure).
   • Token — OAuth access token ID.
   • Token Secret — OAuth access token secret (kept secure).
   • Realm (Optional) — Enter the realm value if required by your API provider. Leave empty if not needed.
5. Select Save.

Use TBA credentials in REST Client tasks

In the REQUEST PARAMETERS tab of your REST Client task:

1. Select Credential Center as the source.
2. Choose your TBA credential from the dropdown.
3. The REST Client automatically:
   • Generates a unique OAuth 1.0a signature for each request.
   • Adds the Authorization header with the signature.
   • Includes proper timestamp and nonce values.
   • Uses HMAC-SHA256 encryption (or HMAC-SHA1 for legacy APIs).

No additional configuration is needed — the OAuth 1.0a authentication happens automatically at runtime.