How to authenticate CloudCode Web Task?

kobie · October 8, 2019, 8:24pm

When triggering a CloudCode task via an HTTP request, what is the best way to implement authentication?

david · October 10, 2019, 3:45pm

A common API authentication method is Bearer authentication. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).

Here is a simple example of using it in a CloudCode task which compares the received token to a static token stored in a config file:

const sharedConfig = require('../shared/config.js');

// This must be defined, and should return either access.authorized() or access.unauthorized()
export async function authenticate({ request, access }) {
  const auth = request.header("Authorization");
  if (auth === `Bearer ${sharedConfig.timebotAPIKey}`) {
    return access.authorized();
  }
  return access.unauthorized();
}

kobie · December 13, 2019, 10:06pm

I suppose another option is to store the token in the DB and not a config file

Topic		Replies	Views
Webtask Authentication with Backend Tokens? General Q&A cloudcode , integration	2	391	March 26, 2021
Securing CloudCode Web tasks Best Practice cloudcode	1	308	August 31, 2022
HTTP Methods for CloudCode Webtasks General Q&A cloudcode , integration	1	378	March 22, 2021
How to trigger a TypeScript CloudCode task from the app? General Q&A cloudcode , typescript	1	431	April 24, 2020
How to run unit tests for CloudCode Tasks? General Q&A cloudcode , github , unit-test	3	1331	January 17, 2020

How to authenticate CloudCode Web Task?

Related topics