OAuth 2.0 FAQs

If you need additional assistance, please reach out to your Ironclad support representative.

What does OAuth 2.0 do?

  • OAuth is an alternative way of authenticating API requests. Currently you can use a bearer token to access the Ironclad API; OAuth is an alternative protocol that is more secure and in line with industry standards.

How would we use it at my company?

  • Use OAuth 2.0 to authenticate to the Ironclad API so that our system accepts your API requests as legitimate and those requests can be tied back to a specific user for audit and reporting purposes.

How would OAuth 2.0 impact user experience? How would it impact admin experience?

  1. This does not impact existing integrations in any way, including those developed by Ironclad such as Salesforce/Coupa/OneTrust/Slack. It is only relevant for integrations that are powered by the CLM API (e.g. custom development and/or integrations built by Ironclad Ecosystem partners) and that are built using OAuth 2.0 or are migrated to use OAuth 2.0.
  2. The existing user/admin experience should not be impacted and existing bearer-token-based integrations will continue to function normally at this time. This is an opt-in and strictly additive feature; until OAuth 2.0 is actually used to build and ship an integration, it'll just be there in the background.
  3. This is more of an "under the hood" improvement to use more secure API protocols. Developers will notice the most significant impact while using this feature, since the way an integration is built with OAuth is a little bit different from how it is built with our existing access tokens.

End User Impact:

  1. The biggest change end users would see is that they will be prompted to enter their Ironclad username/password as part of integration setup flows (very similar to how Ironclad's main website will log you out periodically and prompt you to sign back in for security reasons).
  2. You can see our OAuth 2.0 user experience in action when you log into the Ironclad Academy! (https://academy.ironcladapp.com/) Now you'll be able to use the same login experience in your own integrations.
  3. There will also be a "My Integrations" page in personal settings so end users can see the list of all the integrations connected to their personal profile.

Admin User Impact:

  1. The biggest change for admins is that every API action is now tied to a specific user (e.g. not just "Ironclad's API token did X action", but "Jane Doe launched a workflow via API" and "John Smith commented on a workflow via API"). So everyone interacting with Ironclad through an integration should have an appropriate-level license in the Ironclad instance. Overall, using OAuth 2.0 will be a big improvement for security and audit trails!