Authorization

egnyte supports multiple methods for authenticating with the Egnyte API. Which one you should use depends on your situation - whether you have admin access, whether you’re running scripts interactively or in automation, and what level of security you need.

This vignette walks through each authentication method, explains when to use it, and shows you how to set it up.

Overview of Authentication Methods

egnyte supports three authentication approaches:

Method	Best For	Admin Required	Refresh Tokens
API Key	Personal use, simple scripts	Yes (to create key)	N/A
OAuth Authorization Code	Interactive use, team environments	No	Yes
OAuth Password	Automation, service accounts	No	No

Let’s look at each one in detail.

API Key Authentication

This is the simplest approach. You get an API key from your Egnyte admin (or create one yourself if you are the admin), and use it directly.

library(egnyte)

eg_auth(
  domain = "your-company",
  api_key = "your-api-key"
)

When to Use It

You have admin access to create API keys, or can easily get one from your admin
You’re writing scripts for personal use
You want the simplest possible setup

When to Avoid It

You’re building something that will be used by multiple people (each would need their own key)
You don’t have admin access and can’t easily get a key
You need more granular control over permissions

For details on obtaining and configuring an API key, see vignette("configuration").

OAuth 2.0 Authorization Code Flow

This is the standard OAuth flow where users authenticate through their browser. It’s more complex to set up initially, but provides a better experience for multi-user scenarios.

Initial Setup

Before you can use OAuth, you need to register an application with Egnyte:

Go to https://developers.egnyte.com and sign in
Create a new application
Note your Client ID and Client Secret
Set your redirect URI (default: https://localhost/callback)

Then configure egnyte with your application credentials:

library(egnyte)

eg_oauth_app(
  domain = "your-company",
  client_id = "your-client-id",
  client_secret = "your-client-secret"
)

Authorizing

Once your app is configured, initiate the authorization flow:

eg_oauth_authorize()

This will: 1. Open your default browser to the Egnyte login page 2. Prompt you to log in and approve the application 3. Redirect you to a page with an authorization code 4. Ask you to paste that code back into R

After you paste the code, egnyte exchanges it for access tokens and stores them for future use.

Token Refresh

Access tokens expire after 30 days. When they do, egnyte will automatically refresh them using the stored refresh token - no user interaction required.

If you need to manually refresh:

eg_oauth_refresh()

When to Use It

You’re building something for a team where each person authenticates with their own account
You don’t have access to API keys
You want automatic token refresh
You need the security benefits of OAuth (tokens can be revoked, scoped permissions, etc.)

When to Avoid It

You need fully automated scripts with no user interaction
You’re doing something quick and simple where API keys would suffice

OAuth 2.0 Resource Owner Password Flow

This flow lets you authenticate directly with a username and password, without browser interaction. It’s useful for automation scenarios where you can’t have a human in the loop.

Setup

First, configure your OAuth application (same as above):

library(egnyte)

eg_oauth_app(
  domain = "your-company",
  client_id = "your-client-id",
  client_secret = "your-client-secret"
)

Then authenticate with username and password:

eg_oauth_password(
  username = "your-username",
  password = "your-password"
)

Using Environment Variables

You probably don’t want passwords in your scripts. egnyte can read credentials from environment variables:

EGNYTE_USERNAME: Your Egnyte username
EGNYTE_PASSWORD: Your Egnyte password

# With environment variables set, just call:
eg_oauth_password()

If you’re running interactively and the environment variables aren’t set, egnyte will prompt you to enter your credentials.

Important Limitations

The password flow has some limitations compared to the authorization code flow:

No refresh tokens: When the access token expires, you need to re-authenticate with username and password
Password exposure risk: Your password is sent to the server (over HTTPS, but still)
May not work with SSO: If your organization uses single sign-on, this flow might not be available

When to Use It

You need automated scripts that run without user interaction
You’re using a service account specifically for API access
The authorization code flow isn’t practical for your use case

When to Avoid It

You’re running interactive sessions where browser auth is fine
Your organization uses SSO
You’re uncomfortable with password-based authentication

Choosing the Right Method

Here’s a decision tree:

Do you have an API key or can easily get one? - Yes → Use eg_auth() with your API key. Simple and effective.

Do you need automated, unattended execution? - Yes → Use eg_oauth_password(). Set credentials in environment variables.

Are you building for multiple users or want OAuth benefits? - Yes → Use eg_oauth_authorize(). More setup, but better for teams.

How Authentication State is Stored

Regardless of which method you use, egnyte stores your authentication state in R options for the duration of your session:

egnyte.domain: Your Egnyte domain
egnyte.api_key: Your API key (if using API key auth)
egnyte.access_token: Your OAuth access token (if using OAuth)
egnyte.refresh_token: Your OAuth refresh token (if available)
egnyte.token_expiry: When your OAuth token expires

These are cleared when your R session ends. If you want persistent authentication across sessions, use environment variables for your credentials.

Token Expiration

A quick note on token lifetimes:

API Keys: Don’t expire unless revoked by an admin
OAuth Access Tokens: Expire after 30 days
OAuth Refresh Tokens: Long-lived, used to get new access tokens

egnyte handles token refresh automatically when using the authorization code flow. If you’re using the password flow and your token expires, you’ll need to call eg_oauth_password() again.

Troubleshooting

“Invalid API key” error

Double-check your API key for typos or extra whitespace
Verify the key hasn’t been revoked
Make sure you’re using the correct domain

“Access denied” error

Your API key or token might not have permissions for the folder you’re accessing
Check with your Egnyte admin about permissions

Browser doesn’t open during OAuth

Make sure you’re running R interactively
Try copying the URL from the console and opening it manually

“Token expired” and refresh fails

Your refresh token might have been revoked
Run eg_oauth_authorize() again to get new tokens

Welcome to ClientVPS Mirrors

Authorization

Overview of Authentication Methods

API Key Authentication

When to Use It

When to Avoid It

OAuth 2.0 Authorization Code Flow

Initial Setup

Authorizing

Token Refresh

When to Use It

When to Avoid It

OAuth 2.0 Resource Owner Password Flow

Setup

Using Environment Variables

Important Limitations

When to Use It

When to Avoid It

Choosing the Right Method

How Authentication State is Stored

Token Expiration

Troubleshooting

Next Steps