AnsweredAssumed Answered

Encrypting and Decrypting Sensitive Information for use in flows

Question asked by darren068106 on Feb 21, 2018
Latest reply on Feb 21, 2018 by James Ahlborn

Hi All

 

I have a process which uses an API and does not support any of the options under the authentication in the connector e.g. Basic, OAuth, etc.

 

Instead it relies on the username and password being transmitted over HTTPS to the API in the URI e.g. http://api.myapi.com/security/signon/user=admin&pass=pass

 

And the session token is returned in the response from the API and used as the "Authentication" header on subsequent requests

 

I read up online in the documentation that you can use extensions but they do not relate to this method
http://help.boomi.com/atomsphere/GUID-4DB0AA1F-2131-41C2-872C-F7F6D842A8BA.html

 

It also states in the documentation that "Process property values of data type Hidden are not visible in the UI. Hidden process properties should not be used to store passwords, however, because their values are not encrypted." which I confirmed by showing the HTML source of the page where these are managed and the password field shows the value in clear text

http://help.boomi.com/atomsphere/GUID-00A921FB-7D85-4A4D-A8E3-443E9A9FB30E.html

 

Therefore is there a preferred method of encrypting these values? I need to be able to reference them in parameters in a flow but I do not want any user who gains access to a compromised account to be able to lift these credentials

 

 

Any help would be appreciated - for now we will simply increase the password strength of our account

 

Many thanks

Darren

Outcomes