Trusted sites
There are five authentication method types for third-party communications supported by Antavo: Base64 encoding, Amazon Web Services (AWS), AWS-Simple Storage Service (S3), JSON Web Token (JWT) and OAuth. The Trusted sites module offers an interface to configure and manage multiple webhook authentication methods on one single page.
After configuring the sites on this interface, you will be able to select them from a dropdown menu when implementing a workflow using the ‘Webhook message’ action node. This option eliminates the need to type each system detail in all Webhook message nodes where that system is targeted.
Find the configuration page of the Trusted sites module by typing it into the search bar of the Modules menu. The page will open to the list of sites that are already added, with the following information:
Name
Authentication method
URL
Content type
Adding a new site
To add a new authentication, click ‘Add new site’ on the left sidebar.
Name (required)
The name added here will appear and be selectable in the dropdown of the 'Webhook' workflow node.URL (required)
Add here the trusted website’s URL address.Content type
Write here the media type of the resource, e.g.: application/jsonAuthentication method
There are five authentication method types supported. Further configuration fields will appear, according to the type selected:Basic
Adds a webhook header of basic auth fields in a Base64 encoded format.Username
Password
AWS
Adds a full AWS signature.Region
Service
Access key ID
Access key secret
Algorithm prefix (optional)
Vendor key (optional)
AWS-S3
Adds a full AWS signature that is compatible with AWS-S3 Bucket communications.Region
Service
Access key ID
Access key secret
Filename format
JWT
Transmits information as a JSON object.Algorithm
Select the encryption method:
RSA Signature with SHA-256 (RS256) or HMAC with SHA256 (HS256)Secret
The token is signed using this key – click the eye button to show it or hide it.Payload
Add key-value pairs – the key is always a string and the value can be any JSON value.Time-to-live
Expiration time – format: ({number} minute(s)|hour(s)|day(s)|month(s)|year(s))
OAuth2
Validates an access token by communicating with the OAuth server.Consumer key
Consumer secret
Authorization URL
Scope (optional)
Response type (optional)
Token URL
After saving the new site, the Redirect URL will be displayed on the page that is constructed by the website ID and the callback endpoint.
If no access token has been acquired automatically, a 'Connect' button will appear in the upper right corner. By clicking this button you will be redirected to the configured Authorization URL.
If the acquired access token expires, the ‘Connect’ button will reappear so that you can start the process again and acquire a new token. In case Antavo has received a Refresh token after exchange, then that will be saved also at trusted_sites.auth_params.refresh_token.
In the case when we do have a Refresh token and the Access token expires, the action button 'Refresh access token' will be displayed. Clicking on the refresh button, we will send a POST request to the Token url, and exchange the Refresh token for a new Access token and a new Refresh token.
Activating a trusted site
After saving for the first time, the status of the added authentication is ‘draft’, which means it appears only in the list of trusted sites on the module configuration page and won’t appear among the options in the ‘Webhook message' workflow node’s dropdown.
You can activate it right away using the ‘Set active’ button on the upper right-hand side of the setup page and confirm the activation in the dialog that subsequently appears. Also, you can inactivate it anytime by clicking ‘Set inactive’.
© Copyright 2022 Antavo Ltd.