When triggering a CloudCode task via an HTTP request, what is the best way to implement authentication?
A common API authentication method is Bearer authentication. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).
Here is a simple example of using it in a CloudCode task which compares the received token to a static token stored in a config file:
```javascript
const sharedConfig = require('../shared/config.js');

// This must be defined, and should return either access.authorized() or access.unauthorized()
export async function authenticate({ request, access }) {
  const auth = request.header("Authorization");
  if (auth === `Bearer ${sharedConfig.timebotAPIKey}`) {
    return access.authorized();
  }
  return access.unauthorized();
}
```
6 Likes
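A hardened variant of the check in the answer above, as an added example that is not part of the original post or the platform's own code: it parses the header, fails closed when the key is not configured, and compares in constant time. The sample key and the helper names `parseBearer`, `tokensMatch` and `isAuthorized` are assumptions; `request.header` and `access.authorized()` / `access.unauthorized()` are taken from the post.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Constructed sample key; in the task it would come from the shared config
// shown in the post (sharedConfig.timebotAPIKey).
const sharedConfig = { timebotAPIKey: 'constructed-sample-key-0123456789' };

// Return the credential from "Bearer <token>" (RFC 6750 b64token syntax),
// or null when the header is missing or malformed.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue);
  return m ? m[1] : null;
}

// Compare SHA-256 digests: both buffers are always 32 bytes, so
// timingSafeEqual never throws on a length mismatch and the comparison
// time does not reveal how many leading characters matched.
function tokensMatch(presented, expected) {
  const a = createHash('sha256').update(presented).digest();
  const b = createHash('sha256').update(expected).digest();
  return timingSafeEqual(a, b);
}

// Hypothetical helper: the whole decision as a synchronous boolean.
function isAuthorized(headerValue, expectedKey) {
  // Fail closed if the key is not configured; otherwise an undefined key
  // would be interpolated as the literal string "undefined".
  if (typeof expectedKey !== 'string' || expectedKey.length === 0) return false;
  const token = parseBearer(headerValue);
  return token !== null && tokensMatch(token, expectedKey);
}

// Same hook shape as in the post; in a CloudCode task this would be exported.
async function authenticate({ request, access }) {
  return isAuthorized(request.header('Authorization'), sharedConfig.timebotAPIKey)
    ? access.authorized()
    : access.unauthorized();
}
```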
I suppose another option is to store the token in the DB and not a config file