rules for Adobe Launch triggers? | Community
Skip to main content
Urs_Boller
Community Advisor
Urs_BollerCommunity Advisor
Community Advisor
September 5, 2020
Solved

rules for Adobe Launch triggers?

  • September 5, 2020
  • 1 reply
  • 1413 views

Looking at the Adobe Launch API there is a subscription service to register a callback request. the definition of the API reguest can be found here: https://developer.adobelaunch.com/api/reference/1.0/callbacks/create/ I really love the idea of registering my own url within those callbacks, mainly because @jexner wrote a blog about: https://webanalyticsfordevelopers.com/2020/04/07/using-audit-events-in-launch/

 

the first idea was to expose one of my action to public so that I can be used to register as url in a launch callback. but how to handle "authentication"? and how to prevent somebody else calling my action? I would need to do all the checks about permission within the action itself which seems far too complicated...

 

having more insights about Firefly and triggers/rules within AIO, I assume that the funcationality of those callbacks are based on the same technology as the Firefly rules. basically it creates sort of a "rule" and invoces an action to call my registered url.

 

It would be really cool if we could just add a new "rule" to my app manifest.yml listening for defined triggers. is that possible? or any other idea how to invoce one of my action directly to Launch build events (aka triggers)?

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by duynguyen_adobe

    Hi @urs_boller , thanks for raising this question, a very nice one.

    Currently there is no Launch "callback" definition OOTB in Firefly, but we will forward the request to the respective team for consideration.

    What you could do for now, is to create a web action as a receiver of this callback. It is public without authentication.

    If there is a way that the callback emitter can attach headers, you may leverage the `require-whisk-auth` flag by Openwhisk (on which I/O Runtime is built): https://github.com/apache/openwhisk/blob/master/docs/webactions.md#securing-web-actions

    If the callback emitter can not attach headers to the request (looks like the case of Launch callback), how about a simple query param that allows you to check where a request comes from? Something like https://adobeioruntime,net/api/v1/web/guest/my-app/callback?challenge=1234.

    It is important that your webhook as a public action only accepts incoming callbacks and does not returns any data. The challenge is useful for filtering legitimate request from Launch and not another source.

    There could be other ways of securing webhooks available which require custom implementation.

    1 reply

    D
    Adobe Employee
    duynguyen_adobeAdobe EmployeeAccepted solution
    Adobe Employee
    September 7, 2020

    Hi @urs_boller , thanks for raising this question, a very nice one.

    Currently there is no Launch "callback" definition OOTB in Firefly, but we will forward the request to the respective team for consideration.

    What you could do for now, is to create a web action as a receiver of this callback. It is public without authentication.

    If there is a way that the callback emitter can attach headers, you may leverage the `require-whisk-auth` flag by Openwhisk (on which I/O Runtime is built): https://github.com/apache/openwhisk/blob/master/docs/webactions.md#securing-web-actions

    If the callback emitter can not attach headers to the request (looks like the case of Launch callback), how about a simple query param that allows you to check where a request comes from? Something like https://adobeioruntime,net/api/v1/web/guest/my-app/callback?challenge=1234.

    It is important that your webhook as a public action only accepts incoming callbacks and does not returns any data. The challenge is useful for filtering legitimate request from Launch and not another source.

    There could be other ways of securing webhooks available which require custom implementation.

      Urs_Boller
      Community Advisor
      Urs_BollerCommunity AdvisorAuthor
      Community Advisor
      September 13, 2020
      hi @duynguyen_adobe. thanks for forwarding the question. meanwhile I will try to add the public endpoint of my unprotected as callback. there is no need for a query param since I only use the start of the action as a trigger and will not rely on any input from the action. means as soon as my action get's triggered, it runs completely independent from any input params... but having a "protected" trigger would be far better...
      Terms & ConditionsAccessibility statement

      Loading footer...