FlowEngine security: Endpoint security & external invocation to HTTP IN

This tutorial explains how the new security applied to Node-RED "Http In" nodes works. These nodes are used to expose endpoints with logic within the platform.

Let's assume an example such as the following one, in which an endpoint will be exposed:

To invoke that endpoint, compose the URL as follows: <environment_address>/nodered/<domain>/<node URL>. For the example, using the LAB environment and the domain "myDomain", it would be: https://lab.onesaitplatform.com/nodered/myDomain/info.

If you invoke this service without any credentials, you will receive a 401 Unauthorized error.

To invoke it correctly, you will have to perform the following steps:

  1. Authenticate against Node-RED's security. To do this, make the following call (shown here with curl), filling in the parameters listed below:

    curl <environment_address>/nodered/<domain>/auth/token -d 'client_id=node-red-editor&grant_type=password&scope=*&username=<platform_username>&password=<user_API_token>'

    1. Environment address: Environment base URL, for example https://lab.onesaitplatform.com/
    2. Domain: Name of the domain that contains the exposed point.
    3. Platform User: Platform User.
    4. Token: A user token generated for APIs.

      The service will return a session token as follows:

      {"access_token":"FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0","expires_in":604800,"token_type":"Bearer"}

  2. Invoke the endpoint with the header "X-OP-NODEKey" and, as the value, the token obtained in the previous step.


Following these steps, the invocation of the endpoint will succeed. Session access tokens are valid for 7 days from their generation (the "expires_in" value of 604800 seconds in the response above) and can also be invalidated by making the following call to the Node-RED security services:

curl --data 'token=<ACCESS_TOKEN>' -H "Authorization: Bearer <ACCESS_TOKEN>" <environment_address>/nodered/<domain>/revoke

Following the previous example:

curl --data 'token=FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0' -H "Authorization: Bearer FYbCpUJT4y9wvzgdpeGLyxcaEcZoKHR2EBUXhdI9dtjIhwDFXMeRsOXTaWMaAE2K0NxKqFHt1zcpOK2gCE71ZU1sC4RSjL8MXmWaUcKznLH2dSCqlUSoRa2dn2PXZ5G0" https://lab.onesaitplatform.com/nodered/myDomain/revoke
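
The whole sequence above (obtain a token, call the endpoint with X-OP-NODEKey, revoke the token) as one script. This is an added example, not part of the original tutorial; the environment variable names BASE_URL, DOMAIN, NODE_PATH, OP_USER and OP_API_TOKEN are assumptions, and revoking on exit is a choice made here for one-shot callers. Each form field is sent with `--data-urlencode` so that a username or API token containing `&`, `=` or `+` is not split or altered.

```shell
#!/bin/sh
# Added example: token -> invoke -> revoke for a FlowEngine "Http In" endpoint.
# Assumed environment variables (not from the tutorial):
#   BASE_URL, DOMAIN, NODE_PATH, OP_USER, OP_API_TOKEN

# Compose <environment_address>/nodered/<domain>/<path>; tolerates a trailing
# slash on the base URL and a leading slash on the path.
flow_url() {
  printf '%s/nodered/%s/%s\n' "${1%/}" "$2" "${3#/}"
}

# Read the auth service's JSON reply on stdin and print access_token.
# Prints nothing when the field is absent (e.g. an error reply).
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 1: authenticate. Each form field is URL-encoded separately.
get_token() {
  curl -sS --fail "$(flow_url "$BASE_URL" "$DOMAIN" auth/token)" \
    --data-urlencode 'client_id=node-red-editor' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'scope=*' \
    --data-urlencode "username=$OP_USER" \
    --data-urlencode "password=$OP_API_TOKEN" | extract_token
}

# Step 2: call the endpoint with the session token in X-OP-NODEKey.
invoke_endpoint() {
  curl -sS --fail -H "X-OP-NODEKey: $1" \
    "$(flow_url "$BASE_URL" "$DOMAIN" "$NODE_PATH")"
}

# Invalidate the session token instead of leaving it valid for 7 days.
revoke_token() {
  curl -sS --fail --data-urlencode "token=$1" \
    -H "Authorization: Bearer $1" "$(flow_url "$BASE_URL" "$DOMAIN" revoke)"
}

run_flow() {
  token=$(get_token)
  [ -n "$token" ] || { echo "no access_token in auth response" >&2; return 1; }
  trap 'revoke_token "$token" >/dev/null' EXIT  # revoke even if step 2 fails
  invoke_endpoint "$token"
}

# Only contact the platform when the caller has configured a target.
if [ -n "${BASE_URL:-}" ]; then run_flow; fi
```

Supplying the credentials through the environment keeps the API token out of the script file and out of shell history.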
