Trusted sites


There are five authentication method types for third-party communications supported by Antavo: Base64 encoding, Amazon Web Services (AWS), AWS-Simple Storage Service (S3), JSON Web Token (JWT) and OAuth. The Trusted sites module offers an interface to configure and manage multiple webhook authentication methods on a single page.

After configuring the sites on this interface, you will be able to select them from a dropdown menu when implementing a workflow using the ‘Webhook message’ action node. This option eliminates the need to type each system detail in all Webhook message nodes where that system is targeted.

Find the configuration page of the Trusted sites module by typing it into the search bar of the Modules menu. The page will open to the list of sites that are already added, with the following information:

  • Name

  • Authentication method

  • URL

  • Content type

Adding a new site

To add a new trusted site, click ‘Add new site’ on the left sidebar.

  • Name (required)
    The name added here will appear and be selectable in the dropdown of the 'Webhook' workflow node.

  • URL (required)
    Enter the trusted website’s URL.

  • Content type
    Enter the media type of the resource, e.g. application/json

  • Authentication method
    There are five authentication method types supported. Further configuration fields will appear, according to the type selected:

    • Basic
      Adds a Basic authentication header to the webhook request, with the credentials in Base64-encoded form.

      • Username

      • Password

    • AWS
      Adds a full AWS signature.

      • Region

      • Service

      • Access key ID

      • Access key secret

      • Algorithm prefix (optional)

      • Vendor key (optional)

    • AWS-S3
      Adds a full AWS signature that is compatible with AWS-S3 Bucket communications.

      • Region

      • Service

      • Access key ID

      • Access key secret

      • Filename format

    • JWT
      Transmits information as a JSON object.

      • Algorithm
        Select the signing algorithm:
        RSA Signature with SHA-256 (RS256) or HMAC with SHA-256 (HS256)

      • Secret
        The token is signed using this key – click the eye button to show it or hide it.

      • Payload
        Add key-value pairs – the key is always a string and the value can be any JSON value.

      • Time-to-live
        Expiration time – format: ({number} minute(s)|hour(s)|day(s)|month(s)|year(s))

    • OAuth2
      Validates an access token by communicating with the OAuth server.

      • Consumer key

      • Consumer secret

      • Authorization URL

      • Scope (optional)

      • Response type (optional)

      • Token URL

After you save the new site, the page displays the Redirect URL, which is constructed from the website ID and the callback endpoint.

The Redirect URL appears after an OAuth-type trusted site is added

If no access token has been acquired automatically, a 'Connect' button will appear in the upper right corner. By clicking this button you will be redirected to the configured Authorization URL.

If the acquired access token expires, the ‘Connect’ button will reappear so that you can start the process again and acquire a new token. If Antavo received a refresh token in the exchange, it is also saved, at trusted_sites.auth_params.refresh_token.

If a refresh token has been saved and the access token expires, the 'Refresh access token' action button is displayed instead. Clicking it sends a POST request to the Token URL and exchanges the refresh token for a new access token and a new refresh token.
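
For a site configured with the JWT method and HS256 as described above, the receiving endpoint should verify the token before trusting the webhook. The following is an added example, not Antavo's code: it assumes the Time-to-live setting is carried as the standard `exp` claim and that the receiver has already extracted the token from the request; `make_token` and `verify_token` are hypothetical names, and the secret is a constructed value.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(payload: dict, secret: bytes, ttl_seconds: int, now: int) -> str:
    """Build a constructed HS256 token; stands in for the sending side."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = dict(payload, exp=now + ttl_seconds)  # assumption: TTL becomes `exp`
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_token(token: str, secret: bytes, now: int) -> dict:
    """Return the claims of an authentic, unexpired token; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm configured for the site; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    # Only parse and trust the claims after the signature has been checked.
    claims = json.loads(b64url_decode(body_b64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    token = make_token({"source": "webhook"}, secret, ttl_seconds=300, now=1_700_000_000)
    print(verify_token(token, secret, now=1_700_000_060))
```
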

Activating a trusted site

After the first save, the status of the added authentication is ‘draft’, which means it appears only in the list of trusted sites on the module configuration page and won’t appear among the options in the dropdown of the ‘Webhook message’ workflow node.

You can activate it right away using the ‘Set active’ button on the upper right-hand side of the setup page, then confirming the activation in the dialog that appears. You can deactivate it at any time by clicking ‘Set inactive’.


© Copyright 2022 Antavo Ltd.