I have a solution that uses a 3rd party API which is secured with some sort of Basic Authentication secret. I have no control over that API but the keys are getting rotated every now and again. What would be the safest way for that API to notify me of credential changes. I want to rule out as much manual work as possible.
The solution that I have is a Azure DataFactory and keys are stored in KV
To get the notification whenever the Key Vault credentials are changed you can make use of Azure Logic Apps like below:
Go to Azure Portal -> Azure key vaults -> Your Key vault -> Events ->Get started -> Select Logic Apps -> Sign - in with your account -> Continue
Click When a resource event occurs screen, do the changes like below:
Choose an operation -> Select All -> Select your required email provider -> Select -> Send an Email
Edit the Email template by including to, subject, body save and Create.
Whenever you make changes on secrets, you will receive notification to your email.
Reference:
Email when Key Vault status of the secret changes | Microsoft Docs
Related
Hi I looked https://developers.google.com/places/web-service/get-api-key
For an agency, is it possible to set up an API without having the client's login?
How can we create one?
Regards,
Jeff
Api keys are for accessing public data there will be no need for logging in when you use this.
Use the follow these steps to get an API key:
Go to the Google API Console.
Create or select a project.
Click Continue to enable the API.
On the Credentials page, get an API key (and set the API key restrictions).
Note: If you have an existing unrestricted API key, or a key with server restrictions, you may use that key.
To prevent quota theft, secure your API key following these best practices.
(Optional) Enable billing. See Usage Limits and Billing for more information.
There is no other way to get an API key you will need to create a project on google developer console.
I have a SaaS which integrates with SalesForce. I have synced all the SF users to my database so that my local users have a SF user ID stored.
I need to have a custom link in SF which will bring the user to my site and log them in automatically. The wrong way to do this is to pass the SF user ID in the link and simply match the SF User ID to the one I've stored in the database. What is the right way to ensure the referred SF user should be authorized? Is there some token I can put in the link from SF that I can then verify against the SF API?
There are two approaches for this:
Create a canvas app that sends a signed request to your site. The signed request will include the current users session details. You can use these to verify that the user is indeed who they say they are. I.e. They haven't just made up an id and that they came from an active Salesforce session. See Verifying and Decoding a Signed Request. The advantage of this approach is that you can verify the request has been signed with your apps consumer secret.
Its an older approach that isn't really promoted by Salesforce any more as the canvas apps superseded it. Create what was known as a composite app. This was basically an iframe to your external site that could include the session id and server url in the query string (over SSL). With these details you could call back into Salesforce and get the User Id of the session owner.
Incidentally, the Salesforce StackExchange site is a great place to ask Salesforce specific questions.
I'm using Firebase for an Atlassian Connect AddOn. I want to use Firebase users to secure the data.
The users will be identified by a clientKey provided by Atlassian (probably after I fudge it a bit) - NOT BY EMAIL.
Ideally, I don't want to have to do my own authentication here, as the Firebase.createUser method would suffice entirely if I could provide something other than an email to it, but I can't find anything like that in the documentation.
Is there a way I can create Firebase users WITHOUT AN EMAIL (just an ID and password), without going to all the way into oAuth and all that jargon to create my own custom authentication?
A Firebase user must have an email. If that is a problem then we can't use a Firebase "user", but instead a "token" (which must have a UID as part of it's payload and hence behaves the same way in terms of security once it reaches their datastore).
If you don't need a password, then "instead of double-authenticating and duct taping" as #Kato kindly pointed out, you can generate your own Firebase tokens and serve them to the client.
If you require the user to provide a password then you'd have to implement your own verification before you generate the token and serve it to the client. Since there's no Firebase user involved anymore, but rather a token your privileged server can arbitrarily create and serve, it's your responsibility to ensure you're doing that at the right time (i.e. when a user has provided your server with an adequate ID and password).
Read more about Custom Authentication here and tokens.
I am creating an app in ai2 that connects to one of my fusion tables as a high score datastore.
If I use traditional Oauth2 flow then each user would be presented with an oauth login for their fusiontable, which is not what I want.
I have set up a
Client ID for Android application
in the google developer console which gave me
Client ID xxxxxxxxx.apps.googleusercontent.com
Redirect URIs
urn:xxx:xxx:xxx
http://localhost
Package name appinventor.ai_xxxxxxxx.xxxxxxxx
Certificate fingerprint (SHA1) 12:34:56 etc
Deep linking Disabled
What I want is for my app to connect to my fusiontable using my credentials regardless of which device or which user. How do I do that?
Thanks
This document is a very simple and straight-forward guide to creating a fusion table for your app.
https://docs.google.com/document/d/1HifuZqz5xu0KPS-e4oUv-t-nQoUQ8VMNyh_y6OjZkc0/pub
Steps:
First, you have to create a project at console.developers.google.com.
Then go to the API manager in the menu. Search for and enable the fusion tables API.
Now create a service account key. You may have to look in the credentials menu for this setting. Choose "enable Google apps-wide delegation". A service account is a localized email address that your app can use when you share the fusion table with that account. It provides more security than the anyone with the link can edit setting.
Now go to New Credentials > Service account key. Select P12, and the file will automatically download. If the name of the file has spaces, remove them.
Next, create a google fusion table.
Now share the table with the service email you created. Set the permission to Can Edit. Uncheck the notify box and hit Share.
Now, go to App Inventor. You need:
Your Service Account Email address (also called service account ID)
Service Account key file (.p12)
Fusion Table ID code (don't worry about this yet)
First, upload the key file.
In the fusion tables component property menu, set the KeyFile property to the key file. Copy the email address you created earlier and paste it in the ServiceAccountEmail property. Check the Use Service Authentication box.
Last thing: In the fusion table, go to File > About This Table. Copy the table Id. When you do operations with the table, you will need this id. You can store it in a variable if you want.
This property means that you can share and use multiple different tables with the same service account. Just share the other table(s) you will use with the service account and use that table's id when you do operations with that table.
Is there a good way to do secret key authentication for http queries from a salesforce app to my own web server? In other words, I'd like to give each company that installs our application their own secret key. Then each http call the app makes to our server (whether json or just a link to a hosted iframe) would look something like this:
groupid = groupid
param1 = value1
param2 = value2
signParam = signValue
Where signValue = md5("groupid=groupid,param1=value1,param2=value2,secretKey"
Then when I receive the query, I calculate the signature as well to make sure it matches before I perform any actions on our web server. The problem is, I don't see how I can assign and store the secret key for each company that installs our app (that is, have them store the secret key in their installation).
Is there a good way to do this that I'm missing? And if this isn't possible in salesforce, how else do you authenticate web queries before you perform actions in your own server?
Rather than trying to track it on the salesforce side, have the salesforce side send the users sessionId to your webservice, you can then use the API to validate that sessionId get details about the user, and check locally that the particular user/organization is licensed. There's some articles on the developerforce wiki about using this approach.