Expand my Community achievements bar.

Join us for Adobe Campaign Community Q&A Coffee Break on Thursday, March 7th at 8am PT with Eric Perrin, Gael Mouello, Chakravarthy Kalva, Bruce Swann and Sandra Hausmann.
SOLVED

external system call jssp

Avatar

Level 3
Dear engineer, i create one jssp, it can only access localhost, but this jssp need to face to external internet, how to control jssp authentication, i think may be use session#logon(), but do not how to to do at jssp. could someone help give an example to me.
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hello @wankang ,

you call the session#logon() and parse out the session token which you can use in calling JSSP endpoint 

If you read over xtk:jsspcontext.js in JS libraries you can authenticate using:

  • You can pass this token over GET request

 

 

https://example.com/namespace/myrest.jssp?__sessiontoken=<sessiontoken>

 

 

which is not secure because GET requests are often cached in various places like web servers, proxies, and the user's browser history, and therefore can potentially expose the token to unauthorized access. 

 

  • You can use instead POST request header  "X-Security-Token"

 

 

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/

View solution in original post

1 Reply

Avatar

Correct answer by
Community Advisor

Hello @wankang ,

you call the session#logon() and parse out the session token which you can use in calling JSSP endpoint 

If you read over xtk:jsspcontext.js in JS libraries you can authenticate using:

  • You can pass this token over GET request

 

 

https://example.com/namespace/myrest.jssp?__sessiontoken=<sessiontoken>

 

 

which is not secure because GET requests are often cached in various places like web servers, proxies, and the user's browser history, and therefore can potentially expose the token to unauthorized access. 

 

  • You can use instead POST request header  "X-Security-Token"

 

 

Marcel Szimonisz

MarTech Consultant
for more tips visit my blog
https://www.martechnotes.com/