External API request with client certificate authentication support?
Options
mike-k
Member ✭
Hi, I need to connect to an external API that uses a client certificate for authentication. Is this supported in Xano?
Comments
-
Usually this means a custom header needs to go with the transaction, which Xano supports. Sometimes devil is in the details - whats the service?
-
Thanks for the reply - it's a payments API through a company called Blackhawk. Their documentation is behind a log in. However, here's all that they say about authentication. I have a certificate and just installed the pfx file into postman on it works fine. Do you have any tips on how I can determine what headers to send?
“The Hawk Marketplace APIs use mutual authentication by means of a signed certificate provided by Blackhawk Network. The certificate contains embedded values that support authentication, authorization, and billing.
Your applications are authenticated through the use of embedded values in the client certificate. The overall client Request Context comprises the full set of HTTP headers and embedded certificate values. These properties are used for purposes of authentication and authorization across multiple requests.”
“Obtaining Your Certificate for Authentication
During the integration process your implementation project manager will work with you to obtain your client certificate.
The certificate values are mapped to a system user within Blackhawk Network. That system user is associated with a set of client products specific to your organization.” -
Cool. This looks like you're using TLS mutual authentication. AFAIK that's something you can do by wrapping your call in a Xano lambda to call fetch directly by configuring the HTTPS agent with your certificate. I appreciate the previous sentence might sound a little alien - cryptographic stuff is weird! Here's an article that might help. Note that lambdas are exclusive to the paid tiers of Xano.
Glad to help more as we get deeper in the weeds. This kind of deep stuff is where a 1-1 session can add value. -
Thanks for this help, Ray! I'll dig into this and let you know if scheduling a session makes sense.
-
Ok, so I looked into this and tried implementing the code. I removed the imports, since they aren't allowed. I'm running into an issue creating the https agent.
const sslConfiguredAgent = new https.Agent(options);I get an error: "https is not defined"... any idea how to make that available or figure out what they have imported https under? -
I'm on the move atm, but here's an idea: can you try replacing https with require("https") to see if it gives you a different result?
-
Thanks for the response... I updated it to this:
const sslConfiguredAgent = new require("https").Agent(options);
I now get a new error:
{"response":{"response":"Cannot find module 'https'"}} -
Hi @Ray Deck you are referring to an article on lambdas when dealing with TLS mutual authentication. However I am unable to find the article. Would you mind sharing the article again? Thanks, much appreciated!
-
Hi @Ben -5225939 I don't recall the exact article I shared, but here is another on the subject of mutual TLS: https://www.matteomattei.com/client-and-server-ssl-mutual-authentication-with-nodejs/
Xano now has support for the https library in its lambdas, so you can apply this technique for making your requests.
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback