Web Connections and FME

Liz Sanderson
Liz Sanderson
  • Updated

Web Connections are a convenient way of storing web service credentials in FME to be used repeatedly and share from FME Desktop to FME Server. 

FME comes with support for a wide selection of web connections and you can also download additional ones from the FME Hub .

This article will cover the Configuring and Creating Web Services in FME, as well as the three authorization protocols we support for creating web connections:
OAuth 2.0

For this article, here is some terminology that we will be using:

Web Service

The Web Service is a definition which contains all the information the FME needs to connect to that service and how that service expects to authorize FME. There are few different authorization protocols we support: OAuth 2.0, Token and HTTP Authentication.

Web Connection

A Web Connection is where you enter user credentials so that you can connect to a web service using the already registered service.


Configuring and Creating Web Services in FME

A lot of web connections in FME work out of the box. This means that when you’re using a particular Connector transformer for your web service or the HTTPCaller you can create your web connection without editing any the web service definition. This is because Safe Software has already registered applications with those web services, and for OAuth 2.0 we are using Safe’s Client ID and Client Secret. 

If you’re beginning to author your workspace and testing it out these ‘out of the box’ connections are great to use. However, if you’re authoring a workflow that will be used repeatedly or in production workflows we recommend that you register your own application with the web service. This is because Safe’s authorization credentials could be revoked or subject to service outages at any time, which would impact any users who haven’t registered their own application with the web service. 


To manage Web Connections and Web Services you can do this within FME Options.

Learn more about each of the authorization protocols we support:


OAuth 2.0

OAuth 2.0 is an authorization protocol, which allows an application to act on behalf of a user. This is done using an access token. Depending on the web service used, a user will normally be required to authenticate with that service in order to generate an access token (behind the scenes). The application, in this case FME, will use that access token going forwards to connect to the web service.

For more detailed information on OAuth 2.0, please refer to the OAuth 2.0 Authorization Framework website. This article’s intention is to explain OAuth 2.0 in the context of FME Web Connections and is not intended to fully explain how OAuth 2.0 works.

Refer to your web service documentation when setting up a web service.
When setting up or configuring an OAuth 2.0 service in FME you will need the following:


Client ID 

This is a public identifier for your registered application

Client Secret

This is a secret string that is only known to your application and the authorization server

Redirect URI 

This is where the service will redirect the user to after they have authorized the application. This must be the same in the web service definition as what is specified in the registered application. If your web service doesn’t provide one, you can use https://localhost/ for FME Desktop and https://<public FME Server address>/fmeoauth for FME Server. Google services (and some others) may allow you to use the string urn:ietf:wg:oauth:2.0:oob which tells the service to redirect back to the application that made the call. (Note: Microsoft services will be migrating away from this URI.) Always refer to your services documentation.

Authorization URL

The authorization URL, or endpoint, is used to direct you to the right location to authorize. This URL or endpoint will contain a scope. If you’re registering your own application with a web service you will need to make sure the correct scope is specified. The scope determines what permissions or access the application will have to that web service.

Retrieve/Refresh Token URL

This URL or endpoint will be used by the application to get an access token or a refresh token.


We have some examples of OAuth 2.0 web services here:

Creating Web Service Connections in FME Using the OAuth 2.0 Protocol
ArcGIS Portal Feature Service
E-book on Creating Web Connections (With Google + as an example)
Microsoft Graph



Token authorization is used in place of a username and password. You will normally either obtain a token when registering an application with your web service or by passing your username and password so the application can generate its own token.
The token may need to be given specific permissions for authorization with the web service. 

The token should be protected and not made publicly available.

You will need to refer to the documentation for your web service in order to set it up correctly in FME.

We have some examples of token web services available:




HTTP Authentication is a simple technique for gaining access to web services as the user will only need to provide a username and password, and often referred to as basic authentication.

This would likely be used in the HTTPCaller transformer where the URL entered will accept a username and password to grant access to a web service or API.


Was this article helpful?



Please sign in to leave a comment.