Skip to main content

Integration Credentials

The IntegrationCredential model provides a secure way to store OAuth credentials and other authentication data for integrations that cannot be defined in static configuration files ahead of time.

Purpose

Many integrations require OAuth flows where credentials are obtained dynamically through user authentication. These credentials cannot be hardcoded in config files and need to be stored securely in the database with encryption.

Usage

The model provides three simple static methods for managing integration credentials:

Store Credentials

IntegrationCredential::put('BusinessCentral', 'sweden', [
    'clientId' => 'abc123',
    'clientSecret' => 'secret456',
    'tenantId' => 'tenant789',
    'environment' => 'Production',
    'companyId' => 'company-sweden-id'
]);

Retrieve Credentials

$credentials = IntegrationCredential::get('BusinessCentral', 'sweden');
// Returns: ['clientId' => '...', 'clientSecret' => '...', ...] or null

Check if Credentials Exist

$hasCredentials = IntegrationCredential::exists('BusinessCentral', 'sweden');
// Returns: true or false

Security

The data column is automatically encrypted using Laravel’s encrypted:array cast, ensuring sensitive credentials are never stored in plain text in the database.

Example Implementation

The BusinessCentralClientFactory demonstrates the integration pattern: 
public function make(BusinessCentralCompany $company): BusinessCentral
{
    // Try database credentials first
    $credentials = IntegrationCredential::get('BusinessCentral', $company->value);

    if ($credentials) {
        return new BusinessCentral(
            clientId: $credentials['clientId'],
            clientSecret: $credentials['clientSecret'],
            // ... other parameters from stored credentials
        );
    }

    // Fallback to config-based approach
    return new BusinessCentral(
        clientId: config('businesscentral.client_id'),
        // ... other config parameters
    );
}
This pattern allows seamless transition from static configuration to dynamic OAuth-based authentication.