# NTLM Authentication NTLM (NT LAN Manager) authentication is a Microsoft proprietary authentication protocol used to authenticate users in a Windows-based network. It provides secure authentication by using a challenge-response mechanism, where the server sends a challenge to the client, and the client sends a response that is encrypted using a hash of the user’s password. NTLM authentication is used in various Microsoft products, including Windows, Internet Explorer, and Microsoft Office. ### NTLM in Astera Astera also offers the ability to use NTLM authentication when establishing an API connection. 1. To start, drag-and-drop the *API Connection* object from the Toolbox onto a Dataflow. ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FuqIZpBIEdV3wcuVvKsrL%2F01-Drag-Drop-Connection.PNG?alt=media\&token=dcec4e1c-04f2-472f-8c90-b469d56c4337) 2. Right-click on the object and select *Properties* from the context menu. This will open a new window, ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FX0Pbk1viKKZCqT4Fum9l%2F02-Open-Properties.PNG?alt=media\&token=7e771cc8-7fbb-4b86-a5b9-41798b1505d7) *Base URL:* Here, you can specify the base URL of the API which will prepend as a common path to all API endpoints sharing this connection. A Base URL usually consists of the scheme hostname and port of the API web address. *Timeout (msec):* Specify the duration, in milliseconds, to wait for the API server to respond before giving a timeout error. *Include Client SSL Certificate:* Selecting this option is going to include any Client SSL certificate that is needed for authentication. *Enable Authentication Logs:* Selecting this checkbox will allow the client to generate authentication logs when the API connection has been configured. 3. Fill in the Base URL and open the *Security Type* drop-down menu, For our use case, we have deployed an API on IIS Manager on another machine, and we will send a request to access that API. 4. Select *NTLM* as the authentication type. This will give us the following options, ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2F6jLitLZVnCmkok4Pa8rq%2FNTLM-Creds.png?alt=media\&token=5b0d7230-98b5-46c3-92e2-8b68ec524cec) *Username:* This field will input the same username that is used to login to Windows. *Password:* The password associated with Windows login credentials. {% hint style="info" %} **Note:** NTLM authentication establishes API connections using a challenge-response mechanism. When sending an API request, Astera sends a hashed version of the user’s credentials (username and password) to the server, which sends back a random challenge. Astera then mixes this challenge with the user’s password and sends back a hashed value for verification. Access is granted if the validation is successful. {% endhint %} 5. Click *OK* and the *API Connection* object will be configured with NTLM Authentication. ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2Fv90j1pDsJciI70MTLIfn%2F06-Configured.PNG?alt=media\&token=2bee4aa4-4e79-455f-afd1-eeed8740b5ce) This *API Connection* can then be used in *API Client* objects to make API calls to the server and receive appropriate responses in return. 6. Drag-and-drop an *API Client* object onto the dataflow and select the shared connection that was defined. ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FoalqM5uNJK6T1PzEq1AO%2F07-API-Client.PNG?alt=media\&token=b66869d9-d371-44f1-9fd8-de5ba2e329f4) {% hint style="info" %} **Note:** The *Resource* will be ‘/’ since our entire address has been defined in the *Base URL*. {% endhint %} ![08-Resource](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2Fl1TKG2zzH4ky56cIYqb7%2F08-Resource.PNG?alt=media\&token=4b230a6f-c869-4ab1-8a54-0e8587ae7742) 7. Click *OK* and preview the output of the *API Client* object. As we can see in our data preview window, the request has been sent successfully and the response has returned as ‘200 OK’. ![](https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FHw8ieVJ3kHMsk3yv6aQt%2F09-Preview.PNG?alt=media\&token=f3ebb5d0-4e97-43a2-83b4-81ab5001b351) This concludes working with and configuring the NTLM Authentication in Astera.