Protected API request from actions

luka1 · March 8, 2022, 1:39pm

Hello,

I would like to call a protected API from my actions. I was thinking of using M2M flow, but that means that I’d have to do client credential exchange every time action is triggered - which is a bit excessive IMO and also M2M is limited to 1000 authentication. What do you prefer I do in this case? I’d like to protect the API called from the action for obvious reasons (to prevent spam) Is there any way of generating long lived token that I can just put inside the secret?

Thanks

Thanks!

dan.woda · March 10, 2022, 6:42pm

Hi @luka1,

Yes, you can use the M2M flow. This would be the OAuth way of doing it, but there is no caching mechanism available in Actions at the moment.

You could also make your own secret or API key, use basic auth, etc.

luka1 · March 21, 2022, 9:44am

Thanks! Decided to use the JWT sign feature, so i’m just signing payloads with a key that only backend knows.

dan.woda · March 21, 2022, 5:22pm

Sounds good. Thanks for the update!

system · April 5, 2022, 5:22pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Access token in Action flow Help management-api , actions-management-api	3	2772	April 3, 2023
M2M token usage in Actions Help	2	1818	September 21, 2022
Validating actions request for machine to machine Help apis , application	1	831	January 8, 2024
Restrict management API Help api , rules , management-api , actions	1	2130	February 11, 2022
Caching API Access Tokens in Login Action Help apis , application	2	3672	March 23, 2023

Protected API request from actions

Related Topics