Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

What options do I have for authenticating an action?

Avatar

Avatar
Validate 1
Level 1
oliverf82757722
Level 1

Likes

0 likes

Total Posts

28 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Applaud 5
View profile

Avatar
Validate 1
Level 1
oliverf82757722
Level 1

Likes

0 likes

Total Posts

28 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
Applaud 5
View profile
oliverf82757722
Level 1

29-10-2020

I'm trying to create a headless application which essentially just transforms some JSON and puts it into the Adobe Analytics Data Insertion.

The call into the analytics data insertion doesn't seem to require any authentication.

I don't want to remove the `require-adobe-auth` from the manifest but I'm not sure what my options are if I do that?

All I'm trying to do is to call an external service. I don't need to add an API or anything that requires auth but I'm just getting a bit lost in the documentation.

 

I've been asked to explore using basic auth for this but I just don't know if that's possible. Thanks

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Boost 25
Employee
duypnguyen
Employee

Likes

35 likes

Total Posts

166 posts

Correct Reply

32 solutions
Top badges earned
Boost 25
Applaud 5
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Boost 25
Employee
duypnguyen
Employee

Likes

35 likes

Total Posts

166 posts

Correct Reply

32 solutions
Top badges earned
Boost 25
Applaud 5
Give Back 5
Give Back 3
Give Back 10
View profile
duypnguyen
Employee

29-10-2020

If the Analytics Data Insertion API doesn't require any authentication, you don't need `require-adobe-auth`. However, I understand that you still want "some protection" for your action.

What you could do is adding `require-whisk-auth` to the manifest, its value is a secret hash. Then from the calling system you make request to your action with this header `X-Require-Whisk-Auth: secret_hash`. Other requests without this header would be rejected.

Reference: https://github.com/AdobeDocs/adobeio-runtime/blob/master/guides/securing_web_actions.md

Answers (0)