Brian_Higgins | 2019-02-05 17:35:45 UTC | #1
I have created a REST web service which is called by Data Actions from an agent script triggered by the IVR.
The Data Actions are grouped under a Web Services Data Actions integration. All good and working fine so far.
The request is now to lock down the REST api with some form of Authentication, the lab/dev version is completely open.
On a Web Services Data Action integration it is possible to specify one of three types of authentication. Under the Configuration->Credentials Tab. One of the options is User Defined ( OAuth ).
Is it possible ( and/or recomended ) to use PureCloud OAuth for this purpose?
i.e. I'm thinking my Rest Api could authenticates with Purecloud OAuth and pass back that token. to the data action using one of the Purecloud grant types.
Thoughts or suggestions much appreciated, Brian.
tim.smith | 2019-02-06 14:30:21 UTC | #2
The authentication is meant to connect to your authentication service. You might be able to set it up to authenticate with PureCloud and then give your service the PureCloud auth token. Your service could then make an API request to PureCloud to see if the token is valid, then proceed or deny the request. I haven't tested doing something like that though.
It would be more straightforward if your service accepted basic auth or a key you define in the user defined auth. Your app could just validate the value it's being given against what it's expecting for auth and be done without the data action having to first authenticate with PureCloud and then your service having to make an API request to validate the token.
Jason_Mathison | 2019-02-06 14:43:15 UTC | #3
To answer your question
Is it possible ( and/or recomended ) to use PureCloud OAuth for this purpose?
You might be able to get this to work as Tim described above, but it was never something we considered in our design.
As Tim said Basic auth is probably the easiest to implement in your web service. If you would like to / are compelled to use an oAuth flow for your webservice this document describes how to setup the data action: https://help.mypurecloud.com/articles/how-to-use-the-user-defined-oauth-credential-type/
Brian_Higgins | 2019-02-06 14:57:13 UTC | #4
Thanks Tim,
I also see Jason's response below too. That is helpful. I'm leaning towards the basic auth based on your responses I will see how that goes down with the stake holders :)
All the best, Brian.
Brian_Higgins | 2019-02-06 14:59:48 UTC | #5
Thanks Jason, I might end up using the an Oauth authentication, but will see if I the basic auth passes muster with the stake holders.
system | 2019-03-09 14:59:48 UTC | #6
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 4515