Web Service Security

AdrianH · May 8, 2017, 12:50pm

Does anyone have any material on enabling web service security above and beyond the OOTB Bearer token stuff?

Thanks!

Any help much appreciated.

Yours,

Adrian

Bhavin · May 8, 2017, 1:07pm

Adrian,
Assuming that you are talking about triggered or ultra tasks where you can run SnapLogic pipeline via REST call’s, at present you have two options

1 - bearer token
2 - http basic auth, where you set http authrization --> Basic Auth --> your snaplogic login creds i.e. username and pwd

You can also create a service account which can only run triggered tasks, http://doc.snaplogic.com/users

Service accounts need to be given permissions on a project or group basis just like regular user accounts. These accounts, however, cannot log into Designer or Manager and can only be used to run triggered tasks using basic authentication.

For additional security options you can try accessing SnapLogic tasks via 3rd party API gateway solution.

AdrianH · May 8, 2017, 1:32pm

Hi,

Yes I was referring to triggered tasks.

Thanks, where or how is basic authentication set up for a triggered task?

Yours,

Adrian

Bhavin · May 8, 2017, 1:56pm

you can use curl or any of your fav REST API testing client like postman https://www.getpostman.com/

curl https://pipeline-url?bearer_token=abc123

Bearer token is generated when you deploy your pipeline as a triggered task – see this link for more details http://doc.snaplogic.com/tasks --> Running a Pipeline from a URL section

You can also invoke pipeline by passing your snaplogic cred’s as basic auth credentials and for that

curl https://uname%40domain.com:yourPassword@pipeline-url

more info http://stackoverflow.com/questions/2044340/http-basic-authentication-whats-the-expected-browser-experience

AdrianH · May 8, 2017, 2:20pm

Hi,

Thanks but the curl bit doesn’t look like a secure way as the credentials appear to be exposed.

The basic auth bit below assumes that a service account has been set up correct?

Thanks!

Yours,

Adrian

Bhavin · May 8, 2017, 2:32pm

yes, I wouldnt recommend curl and service account is optional, have you tried postman? it lets you set basic auth in a secure way, pwd is masked

Piyush · May 9, 2017, 11:27pm

I guess there is none for standard pipelines

walkerline117 · October 18, 2017, 2:02pm

Hi, is this still the case, the service account can only run triggered task?
Is ultra supported for service account?

Thanks

dwhite · October 18, 2017, 3:58pm

No.

Any user with a standard account (has username and password) that has been granted at least Read + Execute Access to the project where the trigger task resides can run that trigger task using basic authentication. This can be a standard user or a service account. Service Accounts are setup like a normal user, and permissions are managed like a normal user, but it is unable to log in to the UI.

Ultra only works with bearer auth.