I'm trying to create a headless application which essentially just transforms some JSON and puts it into the Adobe Analytics Data Insertion.
The call into the analytics data insertion doesn't seem to require any authentication.
I don't want to remove the `require-adobe-auth` from the manifest but I'm not sure what my options are if I do that?
All I'm trying to do is to call an external service. I don't need to add an API or anything that requires auth but I'm just getting a bit lost in the documentation.
I've been asked to explore using basic auth for this but I just don't know if that's possible. Thanks
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.
What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md
Hi @oliverf82757722 - just for clarification, how do you trigger your actions in the headless app? Are you leveraging the alarms package to run cron jobs?
I'm trying to understand the sequence of actions in your app: does it go to the external service to grab the JSON, transform it, and save the results into Analytics?
Views
Replies
Total Likes
askdjfgh
Views
Replies
Total Likes
Hi @duypnguyen the action will be triggered from another service within the company, that service sends a payload into the action. Thanks
Views
Replies
Total Likes
Views
Replies
Total Likes
Ah! That's perfect! Thank you! I didn't know about the `require-whisk-auth`. Thank you
Views
Replies
Total Likes
If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.
What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md
sure, I've forked my comment to an answer with the link
(the doc doesn't mention the `require-whisk-auth` flag though, we are still working on the docs for manifest grammar)
Views
Replies
Total Likes
Views
Likes
Replies