I'm trying to create a headless application which essentially just transforms some JSON and puts it into the Adobe Analytics Data Insertion.
The call into the analytics data insertion doesn't seem to require any authentication.
I don't want to remove the `require-adobe-auth` from the manifest but I'm not sure what my options are if I do that?
All I'm trying to do is to call an external service. I don't need to add an API or anything that requires auth but I'm just getting a bit lost in the documentation.
I've been asked to explore using basic auth for this but I just don't know if that's possible. Thanks
If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.
What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
Hi @oliverf82757722 - just for clarification, how do you trigger your actions in the headless app? Are you leveraging the alarms package to run cron jobs?
I'm trying to understand the sequence of actions in your app: does it go to the external service to grab the JSON, transform it, and save the results into Analytics?
@oliverf82757722 - thanks for the details. If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action. What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
Ah! That's perfect! Thank you! I didn't know about the `require-whisk-auth`. Thank you Please could you provide a link to some docs around that? Thanks
If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.
What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.
