Protected API request from actions

luka1 · March 8, 2022, 1:39pm

Hello,

I would like to call a protected API from my actions. I was thinking of using M2M flow, but that means that I’d have to do client credential exchange every time action is triggered - which is a bit excessive IMO and also M2M is limited to 1000 authentication. What do you prefer I do in this case? I’d like to protect the API called from the action for obvious reasons (to prevent spam) Is there any way of generating long lived token that I can just put inside the secret?

Thanks

Thanks!

dan.woda · March 10, 2022, 6:42pm

Hi @luka1,

Yes, you can use the M2M flow. This would be the OAuth way of doing it, but there is no caching mechanism available in Actions at the moment.

You could also make your own secret or API key, use basic auth, etc.

luka1 · March 21, 2022, 9:44am

Thanks! Decided to use the JWT sign feature, so i’m just signing payloads with a key that only backend knows.

dan.woda · March 21, 2022, 5:22pm

Sounds good. Thanks for the update!

system · April 5, 2022, 5:22pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.