Securing exposed API endpoint for triggered task

It is my understanding that when we create a Triggered Task for a pipeline there are only two ways of securing the API endpoint, 1) the bearer token and 2) basic authentication in the endpoint URL as a parameter.

I know others that use SnapLogic that have had their triggered tasks hacked (via figuring out the bearer token) and pipelines have been kicked off by people that weren’t authorized. My question is this: how can we add additional security to the Triggered Task API endpoint?

Like who? I assume folks who didn’t keep the bearer token private, or changed it to something bad…

A few ways to add “extra” security to triggered tasks:

  • IP whitelisting (Access Control)
  • Front the triggered task with an API Gateway (that handles the auth switching)
  • Add some other checker logic to your triggered pipeline (JWT, etc.)

I won’t say who it happened to, but I know the company he works for has had an issue in the past and I would like to avoid it at my company.

@christwr thank you for your suggestions! These are all great suggestions and we will probably employ IP whitelisting and an API gateway to lock things down a little more. Thanks!
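The suggestions in the reply above (an IP allowlist plus a signed-token check placed in front of the triggered task) can be combined into one fail-closed gate. The sketch below is an added example, not code from this thread or from SnapLogic. The network range, secret, audience value and function names are all assumptions made for illustration, and the check would run at the API gateway or as the first step of the pipeline.

```python
import base64, hashlib, hmac, ipaddress, json, time

# All values below are constructed for illustration (assumptions, not real config).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
JWT_SECRET = b"constructed-demo-secret-rotate-me"
AUDIENCE = "triggered-task-demo"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims, secret=JWT_SECRET, alg="HS256"):
    """Caller side: build a compact HMAC-SHA256 JWT (helper for sample tokens)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def authorize(client_ip, auth_header, now=None):
    """Return (allowed, reason). Checks run cheapest-first and fail closed."""
    now = time.time() if now is None else now
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "bad client ip"
    if not any(ip in net for net in ALLOWED_NETS):
        return False, "ip not allowlisted"
    scheme, _, token = auth_header.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return False, "malformed authorization header"
    head, body, sig = token.split(".")
    try:
        header = json.loads(_b64d(head))
        expected = hmac.new(JWT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm; never let the header's "alg" choose the verifier.
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, _b64d(sig)):
            return False, "bad signature"
        claims = json.loads(_b64d(body))
    except (ValueError, TypeError, AttributeError):
        return False, "undecodable token"
    if not isinstance(claims, dict) or claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"
```

Because the token is short-lived and bound to an audience, a leaked value is only useful until `exp` and only from an allowlisted address, unlike a static bearer token.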