FlowEngine security: Endpoint security & external invocation to HTTP IN
This tutorial explains how the new security applied to nodeRED "Http In" nodes works. These nodes are used to expose endpoints with logic within the platform.
Let's assume an example such as the following one, in which an endpoint will be exposed:
To invoke that endpoint, compose the URL as follows: <environment_address>/nodered/<domain>/<node URL>. For the example, using the LAB environment and the domain "myDomain", it would be as follows: https://lab.onesaitplatform.com/nodered/myDomain/info.
If you try to invoke this service without authenticating first, you will receive a 401 Unauthorized error.
To invoke it correctly, you will have to perform the following steps:
- Authenticate against NodeRED's security. To do this, make the following call (in this case with CURL) with the following parameters:
curl <environment_address>/nodered/<domain>/auth/token -d 'client_id=node-red-editor&grant_type=password&scope=*&username=<platform_username>&password=<user_API_token>'
- Environment address: Environment base URL, for example https://lab.onesaitplatform.com/
- Domain: Name of the domain that contains the exposed point.
- Platform User: Platform User.
- Token: A user token generated for APIs.
The service will return a session token as follows:
{"access_token":"FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0","expires_in":604800,"token_type":"Bearer"}
- Invoke the endpoint with the header "X-OP-NODEKey" and, as the value, the token obtained in the previous step.
Following these steps, the invocation to the endpoint will be performed correctly. Session access tokens will be valid for 7 days from their generation and can also be invalidated by making the following call to nodeRED security services:
curl --data 'token=<ACCESS_TOKEN>' -H "Authorization: Bearer <ACCESS_TOKEN>" <environment_address>/nodered/<domain>/revoke
Following the previous example:
curl --data 'token=FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0' -H "Authorization: Bearer FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0" https://lab.onesaitplatform.com/nodered/myDomain/revoke
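The three calls above (token, invocation, revocation) chained into one script, as an added example that is not part of the original tutorial. It keeps the API token and the session token out of the process list by passing them to curl through a file and stdin, and revokes the session token on exit. The OP_* variable names are assumptions, as are the flat JSON response shape shown above and curl 7.55 or later (for `-H @-`).

```shell
#!/usr/bin/env bash
# Added example: authenticate, call the secured "Http In" endpoint, revoke.
# OP_BASE, OP_DOMAIN, OP_USER, OP_TOKEN_FILE, OP_NODE_URL are assumed names.
set -u

# Extract one field from the flat JSON token response (no jq dependency).
json_field() {  # $1 = JSON text, $2 = field name
  printf '%s' "$1" | sed -n 's/.*"'"$2"'":"\{0,1\}\([^",}]*\).*/\1/p'
}

get_token() {
  # name@file makes curl read and URL-encode the API token from a file, so
  # it stays out of argv and shell history. The file must not end in a newline.
  curl -sS --fail "${OP_BASE%/}/nodered/$OP_DOMAIN/auth/token" \
    -d 'client_id=node-red-editor' -d 'grant_type=password' -d 'scope=*' \
    --data-urlencode "username=$OP_USER" \
    --data-urlencode "password@$OP_TOKEN_FILE"
}

invoke() {  # $1 = session token; header is passed on stdin, not in argv
  printf 'X-OP-NODEKey: %s\n' "$1" |
    curl -sS --fail -H @- "${OP_BASE%/}/nodered/$OP_DOMAIN/$OP_NODE_URL"
}

revoke() {  # $1 = session token; curl config on stdin keeps it out of argv
  printf 'header = "Authorization: Bearer %s"\ndata = "token=%s"\n' "$1" "$1" |
    curl -sS --fail -K - "${OP_BASE%/}/nodered/$OP_DOMAIN/revoke"
}

# Constructed sample response (not a real token), parsed when no environment
# settings are supplied so the script can be tried offline.
SAMPLE='{"access_token":"CONSTRUCTEDtoken123","expires_in":604800,"token_type":"Bearer"}'

if [ -n "${OP_BASE:-}" ] && [ -n "${OP_TOKEN_FILE:-}" ]; then
  resp=$(get_token) || exit 1
  tok=$(json_field "$resp" access_token)
  [ -n "$tok" ] || { echo "no access_token in response" >&2; exit 1; }
  trap 'revoke "$tok" >/dev/null' EXIT   # do not leave a 7-day token live
  invoke "$tok"
else
  echo "sample token: $(json_field "$SAMPLE" access_token)"
  echo "lifetime (days): $(( $(json_field "$SAMPLE" expires_in) / 86400 ))"
fi
```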