This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Securing exposed API endpoint for triggered task

Go to solution
dwhansen-cbg
Contributor

‎03-11-2020 11:26 AM

It is my understanding that when we create a Triggered Task for a pipeline there are only two ways of securing the API endpoint, 1) the bearer token and 2) basic authentication in the endpoint URL as a parameter.

I know others that use SnapLogic that have had their triggered tasks hacked (via figuring out the bearer token) and pipelines have been kicked off by people that weren’t authorized. My question is this: how can we add additional security to the Triggered Task API endpoint?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
christwr
Contributor III

‎03-11-2020 12:41 PM

Like who? I assume folks who didn’t keep the bearer token private, or changed it to something bad…

A few ways to add “extra” security to triggered tasks:

  • IP whitelisting (Access Control)
  • Front the triggered task with an API Gateway (that handles the auth switching)
  • Add some other checker logic to your triggered pipeline (JWT, etc.)

View solution in original post

Reply
2 REPLIES 2

Go to solution
christwr
Contributor III

‎03-11-2020 12:41 PM

Like who? I assume folks who didn’t keep the bearer token private, or changed it to something bad…

A few ways to add “extra” security to triggered tasks:

  • IP whitelisting (Access Control)
  • Front the triggered task with an API Gateway (that handles the auth switching)
  • Add some other checker logic to your triggered pipeline (JWT, etc.)
Reply

Go to solution
dwhansen-cbg
Contributor
In response to christwr

‎03-11-2020 12:58 PM

I won’t say who it happened to, but I know the company he works for has had an issue in the past and I would like to avoid it at my company.

@christwr thank you for your suggestions! These are all great suggestions and we will probably employ IP whitelisting and an API gateway to lock things down a little more. Thanks!

0 Kudos
Reply