Authentication
NativeSuite supports three authentication methods for your end users. This guide helps you choose the right one and set it up.
Understanding the Two Auth Layers
NativeSuite has two separate authentication layers — it's important not to confuse them:
- Data Source auth — How NativeSuite authenticates with your API to fetch data. Configured on each data source (headers, tokens, etc.)
- End-user auth — How your users prove their identity in the NativeSuite mobile app. Configured as an Authentication Provider. This is what this guide covers.
Choosing an Auth Type
| Type | Setup Complexity | User Experience | Best For |
|---|---|---|---|
| API Key | Low | User pastes a key | Internal tools, service dashboards, simple integrations |
| Username & Password | Medium | Familiar login form | Apps with existing user account systems |
| OAuth Redirect | Higher | Web-based SSO flow | Apps with web-based auth, OAuth providers, SSO |
API Key Authentication
The simplest option. You provide each user with an API key, and they enter it in the NativeSuite mobile app.
Setup
- Go to Authentication → Create Auth Provider
- Select API Key
- Configure:
- Header name — Which header NativeSuite sends the key in (e.g.,
X-API-Key) - Validation endpoint — An endpoint on your API that validates the key and returns user info
- Header name — Which header NativeSuite sends the key in (e.g.,
How It Works
- User enters their API key in the NativeSuite app
- NativeSuite sends the key to your validation endpoint
- Your endpoint confirms the key is valid and returns user info
- NativeSuite stores the key and uses it for all subsequent data source requests
When to Use
- Your app already issues API keys to users
- You want the simplest possible setup
- Users are technical (comfortable with API keys)
Username & Password Authentication
Users log in with credentials from your existing system.
Setup
- Go to Authentication → Create Auth Provider
- Select Username & Password
- Configure:
- Login endpoint — Your API endpoint that accepts credentials and returns a token
- Token type — How the returned token is sent in subsequent requests (Bearer, header, etc.)
How It Works
- User enters their username and password in the NativeSuite app
- NativeSuite sends credentials to your login endpoint
- Your endpoint validates and returns a token
- NativeSuite stores the token and uses it for data source requests
When to Use
- Your app has a standard username/password login
- Users are non-technical and expect a familiar login flow
OAuth Redirect Authentication
Users authenticate through your web-based login flow.
Setup
- Go to Authentication → Create Auth Provider
- Select OAuth Redirect
- Configure:
- Authorization URL — Where to redirect users for login
- Callback handling — How NativeSuite receives the auth token after login
How It Works
- User taps "Connect" in the NativeSuite app
- A web browser opens with your authorization URL
- User logs in through your web flow
- Your server redirects back to NativeSuite with a token
- NativeSuite stores the token for data source requests
When to Use
- Your app uses OAuth, SAML, or web-based SSO
- You don't want to build a native login form
- You need support for social logins (Google, GitHub, etc.)
Multiple Auth Providers
An app can have multiple authentication providers. For example:
- API Key for power users and integrations
- OAuth Redirect for regular users
Users choose their preferred method when connecting in the mobile app.
Security Considerations
- NativeSuite never stores raw passwords — Only tokens returned by your endpoints
- Tokens are stored securely on the user's device
- Credentials are transmitted over HTTPS at every step
- You control token expiry — NativeSuite respects your token lifecycle