What options do I have for authenticating an action?

Avatar

Avatar

oliverf82757722

Avatar

oliverf82757722

oliverf82757722

29-10-2020

I'm trying to create a headless application which essentially just transforms some JSON and puts it into the Adobe Analytics Data Insertion.

The call into the analytics data insertion doesn't seem to require any authentication.

I don't want to remove the `require-adobe-auth` from the manifest but I'm not sure what my options are if I do that?

All I'm trying to do is to call an external service. I don't need to add an API or anything that requires auth but I'm just getting a bit lost in the documentation.

 

I've been asked to explore using basic auth for this but I just don't know if that's possible. Thanks

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

duypnguyen

Employee

Avatar

duypnguyen

Employee

duypnguyen
Employee

29-10-2020

If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.

What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.

Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md

Answers (0)