We have a requirement to call web API which uses Bearer Token authentication type and it requires client id and secret in the Header.
Before calling this API we need to get the access token using oAuth endpoint, this endpoint has authentication type as Basic Auth and it requires same client id and secret in the Header.
1. For OAuth endpoint, we have created a connected system (A) with the Basic Authentication using username and password. - Works fine.
2. For the primary API, we have created another connected system (B) with the following information.
a. Base URL: <Base URL>.
b. Authentication: None
3. Created an Integration object which uses connected system B and has following parameters in the Headers.
a. Authorization: <Token received in step #1, passed as rule input>
b. X-IBM-Client-Id: <client id, passed as constant >
c. X-IBM-Client-Secret: <client secret, passed as constant>
The above setup works fine however as per our security compliance we cannot have a secret in the constant which is non-masked.
Is there a way for us to use connected system which supports the masked password and secret to achieve above scenario?
Discussion posts and replies are publicly visible
Abhay Dalsaniya said:Is there a way for us to use connected system which supports the masked password and secret to achieve above scenario?
Have you looked into whether it's possible to make this work along with the Credential Store? I don't happen to know but I'd be surprised if there isn't some way.
I did not find a way to use Credential Store fields directly in the CS or Integration object.
Dang, that's disappointing. Maybe (in the meantime) open a product use case with Appian? It seems like there should be a way to do this. (cc Peter Lewis )