Solved

How to call a FME workspace (as webhook) without passing security token in header?

  • 25 March 2022
  • 3 replies
  • 37 views
S

We have a use case where we need to implement a webhook using FME. This will be called by a partner application.

This webhook has a predefined URI (in partner application side) like:

https://fmeserver/repo/worskapce1.fmw?attr=?attr2=?

Names of parameters cannot be changed and partner application is not willing to update the webhook to pass security token in the header.

 

We are planning to do security by only whitelisting the ip addresses of the partner application.

 

In this case, how we do call the FME workspace? Everytime I try to call my workspace, it returns an following error

"401-Unauthorized. The request has not been applied because it lacks valid authentication credentials for the Target resource"

 

  1. Is there no way to call FME workspaces without passing tokens in the header of the call?
  2. Is there a way to change the name of the token attribute in the header to something else? I can repurpose attr2 for this and provide a static token to the application.
icon

Best answer by hkingsbury 27 March 2022, 22:42

View original

3 replies

H
Badge +2

Hi @sseth2011​ ,

Authentication for Web Services can be parsed in two ways:

  1. In the URL as part of the Query String using the key 'token'
  2. As an Authorization header

Documentation: https://docs.safe.com/fme/html/FME_Server_Documentation/ReferenceManual/authentication.htm

 

These are the only ways to input a token, please could you expand on why these are not satisfactory for your application and what exactly the alternative solution you are looking for would be?

S

Hi @sseth2011​ ,

Authentication for Web Services can be parsed in two ways:

  1. In the URL as part of the Query String using the key 'token'
  2. As an Authorization header

Documentation: https://docs.safe.com/fme/html/FME_Server_Documentation/ReferenceManual/authentication.htm

 

These are the only ways to input a token, please could you expand on why these are not satisfactory for your application and what exactly the alternative solution you are looking for would be?

Unfortunately the application which will call this web service is very rigid in terms of what can be changed. They don’t have a way to pass token in header or send it as part of query string. They do have a few predefined attributes which can be passed in query string but the names Of these attributes can’t be changed to “token “. Is there a way in fme so that we can make or expect the token in an attribute that is named something other than “token”?

hkingsbury
Rank
Userlevel 5
Badge +29

you could setup a 'proxy' workbench that allows annonymous access. Then pass through the required information (including the token) to the 'proxy' in a format that the applciation allows. Then configure the proxy workbench to transform the incoming parameters into the correct format and then call the secured workbench from the proxy workbench

Check out the Abley FME Firesides on Youtube: https://www.youtube.com/@ableyltd

Reply


Community Stats

28,707
Posts
109,476
Replies
36,551
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.