What options do I have for authenticating an action? | Community
Skip to main content
O
oliverf82757722
Level 2
October 29, 2020
Solved

What options do I have for authenticating an action?

  • October 29, 2020
  • 7 replies
  • 2763 views

I'm trying to create a headless application which essentially just transforms some JSON and puts it into the Adobe Analytics Data Insertion.

The call into the analytics data insertion doesn't seem to require any authentication.

I don't want to remove the `require-adobe-auth` from the manifest but I'm not sure what my options are if I do that?

All I'm trying to do is to call an external service. I don't need to add an API or anything that requires auth but I'm just getting a bit lost in the documentation.

 

I've been asked to explore using basic auth for this but I just don't know if that's possible. Thanks

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by duynguyen_adobe

If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.

What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.

Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md

7 replies

D
Adobe Employee
duynguyen_adobeAdobe Employee
Adobe Employee
October 29, 2020

Hi @oliverf82757722 - just for clarification, how do you trigger your actions in the headless app? Are you leveraging the alarms package to run cron jobs?

I'm trying to understand the sequence of actions in your app: does it go to the external service to grab the JSON, transform it, and save the results into Analytics?

O
oliverf82757722Author
Level 2
October 29, 2020

askdjfgh

O
oliverf82757722Author
Level 2
October 29, 2020

Hi @duynguyen_adobe the action will be triggered from another service within the company, that service sends a payload into the action. Thanks

D
Adobe Employee
duynguyen_adobeAdobe Employee
Adobe Employee
October 29, 2020
@oliverf82757722 - thanks for the details. If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action. What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
O
oliverf82757722Author
Level 2
October 29, 2020

Ah! That's perfect! Thank you! I didn't know about the `require-whisk-auth`. Thank you 😄  Please could you provide a link to some docs around that? Thanks

D
Adobe Employee
duynguyen_adobeAdobe EmployeeAccepted solution
Adobe Employee
October 29, 2020

If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.

What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.

Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md

    D
    Adobe Employee
    duynguyen_adobeAdobe Employee
    Adobe Employee
    October 29, 2020

    sure, I've forked my comment to an answer with the link 😄

    (the doc doesn't mention the `require-whisk-auth` flag though, we are still working on the docs for manifest grammar)

    Terms & ConditionsAccessibility statement

    Loading footer...