Avatar

Correct answer by
Employee

If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.

What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.

Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md

View solution in original post