Issue retrieving secure iparams

App Platform
, , , ,
1

I’m having trouble with a secure iparam used for authentication to an external API.

My iparams.json file looks like this:’

{
  "apiKey": {
    "display_name": "API Key",
    "type": "text",
    "required": true,
    "secure": true,
    "visible": true
  }
}

My code where I use the api key looks like this:

    const headers = {
      "Authorization": "Bearer <%= encode(iparam.apiKey) %>",
      "Content-Type": "application/json"
    };
    const options = { headers: headers };
    client.request.get(url, options);

When I run my app, it seems like my API is being sent to the external API encoded so it doesn’t match the API key that the endpoint is expecting.

If I change my code to look like this (removing the encode() function), authentication is successful.

    const headers = {
      "Authorization": "Bearer <%= iparam.apiKey %>",
      "Content-Type": "application/json"
    };
    const options = { headers: headers };
    client.request.get(url, options);

While the above works, it doesn’t seem correct per the documentation and I’m not sure if it is secure doing it this way.

3

@Adam_Conde,
Good Day!

<%= encode() %>

is used to encode the value similar to atob or btoa method in javascript, if your Authentication supports encoded value then you can use <%= encode() %> otherwise not.

Hope it helps :slight_smile:

Thanks

2 Likes
4

Ah, that makes sense. Thank you for clarifying.

1 Like
5

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.