Authenticating for an API
- Fiona Sargeant (Unlicensed)
- Anthony George
Overview
When importing data via HTTP, you sometimes need to provide authentication to an external site. There are 2 parts to this:
- Store
To store the username and password, use one of the following methods:- Save as plain text the HTTP datasource instance. This is not secure. See Using an HTTP Datasource Instance, below.
This option is not secure. - Encrypt using a PhixFlow local secret; see Using the PhixFlow Secret Key, below
- Encrypt using a keystore; see Using the Keystore, below.
This option is the most secure, but requires administrator access to the keystore.
- Save as plain text the HTTP datasource instance. This is not secure. See Using an HTTP Datasource Instance, below.
- To use the username and password
- In an analysis models, connect the HTTP datasource to a HTTP modelling object:
- In the expression within the modelling object, reference the username, password. Expression fields are:
- HTTP collectors and HTTP exporters → URL Expression or Statement Expression
- HTTP Headers Properties → Basic Settings → Value.
Using an HTTP Datasource Instance
This method stores a username and password in plain text in the PhixFlow database.
Step 1 Store:
- Open a HTTP datasource properties
- in the HTTP Datasource Instances section add a new instance
- In the instance, enter the details for the Name, Username and Password properties.
- Tick Enabled.
- Save the properties.
Step 2: Use:
To use a username or password in an expression, specify the following variables:
| Properties | Variable |
|---|---|
| Username | %USERNAME% |
| Password | %PASSWORD%. |
When you run analysis, PhixFlow looks in the associated HTTP datasource instance for the value set in the Username and Password properties and uses them to authenticate to the external site.
Using the PhixFlow Secret Key
Step 1 Store:
To store a username and password encrypted in PhixFlow, configure a key/value pair using the secret key.
- In a HTTP datasource properties → Secret Key Details section, click
Add New to create a new secret key. PhixFlow opens the secet key properties. - Enter a Name and click
Save. - PhixFlow automatically creates a key for this secret. The key is a combination of the name and a string that is the internal ID of the HTTP datasource.
- In the Secret field, click Add New to create the associated value. PhixFlow opens the new local secret properties.
- In the local secret → Secret field, add the value, which PhixFlow stores encrypted.
- Click
OK to save and close the local secret. - PhixFlow adds a string of asterisks *** to the Secret field to show you have configured the value.
- Click OK to save and close the secret key.
For details of the properties of a secret key, see Secret Key and Local Secret.
Step 2: Use:
In an expression, specify 2 keys, one for the username and one for the password, using
${_datasource.key} where key is the Name of the secret key.
When you run analysis, PhixFlow looks in the associated HTTP datasource for the specified key and provides the de-encrypted value to authenticate to the external site.
Using the Keystore
If your PhixFlow instance has a Java keystore, you can use this to store usernames and passwords instead of using a local secret. This option is the most secure, but requires administrator access to the keystore.
Step 1 Create the key:
To create a key for the username or password:
- In a HTTP datasource properties → Secret Key Details section, click Add New to create a new secret key. PhixFlow opens the secet key properties.
- Enter a Name and click Save.
- PhixFlow automatically creates a key for this secret. The key is a combination of the name and a string that is the internal ID of the HTTP datasource.
- Copy the key to use in the keystore.
- Click OK to save and close the secret key.
For details of the properties of a secret key, see Secret Key and Local Secret.
Step 2: Store:
In the keystore, use the copied key and the username/password values to store key-value pairs; see Adding Data to a Keystore.
Step 3: Use:
In an expression, specify 2 keys, one for the username and one for the password, using
${_datasource.key} where key is the Name of the secret key.
When you run analysis, PhixFlow looks for the specified key:
- first in the associated HTTP datasource
- then in the keystore.
PhixFlow provides the de-encrypted value to authenticate to the external site.
It is possible to create and to use a key without adding the associated value to:
- either the local secret
- or the keystore
If you run analysis on a model containing an HTTP object that cannot find a value for a key, it will cause an error.
For links to all pages in this topic, see Analysis Models for Batch Processing Data.
Terminology changes in progress
As part of the redesign of PhixFlow, we are changing the following terms:
dashboard → screen
stream → table
stream attributes → attributes
stream item → record
stream set → recordset
stream view → view
stream item action → record-action
stream action → table-action
driver class → database driver