Service endpoint authentication schemes
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
Learn how to set the credentials in the HTTP request header when you're calling the external endpoint. Azure DevOps can then connect to the external service using the credentials. Azure DevOps supports a closed set of authentication schemes utilized by a custom service endpoint type. Azure DevOps interprets the authentication scheme that's used in any custom endpoint & support connection to the external service.
See the following authentication schemes that are part of the closed set.
Tip
Check out our newest documentation on extension development using the Azure DevOps Extension SDK.
Basic authentication
As a security measure, we recommend using service principals & managed identities over basic authentication. For more information, see Use service principals & managed identities.
Token-based authentication
This scheme takes one input - API Token (confidential)
Default authentication header used is: {{endpoint.apitoken}}
{
"id": "endpoint-auth-scheme-token",
"description": "i18n:Token based endpoint authentication scheme",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "Token",
"displayName": "i18n:Token Based Authentication",
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-token",
"headers": [
{
"name": "Authorization",
"value": "{{endpoint.apitoken}}"
}
],
"inputDescriptors": [
{
"id": "apitoken",
"name": "i18n:API Token",
"description": "i18n:API Token for connection to endpoint",
"inputMode": "textbox",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string",
"maxLength": 300
}
}
]
}
]
}
}
Certificate-based authentication
This scheme takes one input - Certificate (confidential)
The value of certificate has to be provided in the text area.
{
"id": "endpoint-auth-scheme-cert",
"description": "i18n:Creates a certificate-based endpoint authentication scheme",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "Certificate",
"displayName": "i18n:Certificate Based",
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-cert",
"inputDescriptors": [
{
"id": "certificate",
"name": "i18n:Certificate",
"description": "Content of the certificate",
"inputMode": "TextArea",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string"
}
}
]
}
]
}
}
No authentication
This scheme is used when an endpoint type doesn't require to take any input. For example, external services that support anonymous access to its resources.
{
"id": "endpoint-auth-scheme-none",
"description": "i18n:Creates an endpoint authentication scheme with no authentication.",
"type": "ms.vss-endpoint.endpoint-auth-scheme-none",
"targets": [
"ms.vss-endpoint.endpoint-auth-schemes"
],
"properties": {
"name": "None",
"displayName": "i18n:No Authentication"
}
}