Genesys Cloud - Main

Why is that we can not use secure variables with bridge data actions? Does it mean bridge connectivity is insecure? 



We can't use the secure data actions or other web service data actions instead becaues the middleware which talks to the backend systems is available only via bridge server. Why do we need the this middleware and bridge server? because not all client web services return json and moreover they aren't communicating at 443 either (for their security requirement of not using the default ports e.g. 80/443).

------------------------------
Cheers,
Sajid Abbas Malek
Al-Futtaim Technologies -
------------------------------

Bridge actions are not "insecure" per se, but they also do not meet the requirements laid out in the PCI specification, as the bridge server itself logs certain aspects of the HTTP request payload (albeit in an encrypted fashion, but the fact that it is retained on the bridge server longer than is required to process the transaction means that it does not meet the PCI spec).  

Cloud data actions do not log the request or response payload anywhere, as they were designed with this requirement in mind.  We are currently exploring mechanisms to proxy the cloud based data action web service requests into a premise environment/translate to an alternate syntax in those environments.  One potential solution we encountered while investigating this was https://ngrok.com/.  There may be additional solutions provided in the future directly from PureCloud, but for the time being this is the state of things.

------------------------------
Richard Schott
Genesys - Employees
------------------------------

Thanks Richard :)

------------------------------
Cheers,
Sajid Abbas Malek
Al-Futtaim Technologies -
------------------------------

Original Message:
Sent: 08-20-2018 08:54
From: Richard Schott
Subject: Bridge data actions vs Secure variables

Bridge actions are not "insecure" per se, but they also do not meet the requirements laid out in the PCI specification, as the bridge server itself logs certain aspects of the HTTP request payload (albeit in an encrypted fashion, but the fact that it is retained on the bridge server longer than is required to process the transaction means that it does not meet the PCI spec).  

Cloud data actions do not log the request or response payload anywhere, as they were designed with this requirement in mind.  We are currently exploring mechanisms to proxy the cloud based data action web service requests into a premise environment/translate to an alternate syntax in those environments.  One potential solution we encountered while investigating this was https://ngrok.com/.  There may be additional solutions provided in the future directly from PureCloud, but for the time being this is the state of things.

------------------------------
Richard Schott
Genesys - Employees
------------------------------