Passing Body Content in Post Snap
Hi,
This is a very novice question, but I am having trouble with a post request snap. This is just to authenticate with the RingCentral platform to receive a token for API consumption. I am able to...
Forum Discussion
I think I missed something. Why move the credentials to pipeline parameters when you can just use account.username and account.password?
Are you saying that you got it working by removing the account from the snap and replacing account.username and account.password with pipeline parameters in your HTTP Entity expression?
If that’s the case, it means the server is rejecting the request because of the Authorization header added by the account. So that does leave you in a tough spot, since the only way to keep the password secure is by using an account.
Let’s test that theory: Add an Authorization header to the version that works, to see if it breaks.
The Authorization header added by the Basic Auth account would have a value like
Basic bXl1c2VyOm15cCZzc3cwcmQ=Yes that is what happened. There is a missing piece that you don’t know about yet. Basically there is already an Authorization header that is required by RingCentral. Basically you have to take an app id and client secret concatenate the two the base64 encode the concatenated string and pass that as your Authorization header. Didn’t mean to leave that out earlier. Just didn’t realize it would be relevant until now.
So after you perform the steps as described in my previous post you do end up with a string that looks like that. Ending with ‘==’
Ok, so the account is overwriting the other Authorization header that you added in the Headers section of the snap.
But if one of the components of the Authorization header that you’re adding manually is a client secret that presumably you want to protect, how are you storing that securely? Don’t you have the same issue as with the password?
I have to confess that I am not sure how to handle this type of data my experience with SnapLogic is still in its infancy. Using postman to initially test I just use environment variables. Right now in SnapLogic, I am just handling it directly in a mapper snap. I haven’t really seen any documentation that discusses how to handle the various credentials you may need to store when consuming 3rd party APIs within the SnapLogic platform. I believe that an OAuth2.0 SnapLogic account would store this information, but I don’t think it would work overall because of the delivery expected on the RingCentral side, among other requirements for creating an OAuth2.0 account.
Any guidance you could provide would be much appreciated?
