REST Activity Advanced Configuration staging environment

Comments

6 comments

  • Avatar
    Harish Lakshmana

    Tobias, you can use the same Global variable feature for Authorization header value also. It works, I have used it.

    -1
    Comment actions Permalink
  • Avatar
    Tobias

    Thanks for the reply and this is a solution we considered. The problem is that with this solution everyone who has access to the "Shared Variable" has more or less access to username and password. 

    1
    Comment actions Permalink
  • Avatar
    Sam

    Hello - We have used this approach for a year and have recently considered it a security risk for the reasons Tobias has mentioned.  Here is a post where Agilepoint suggests a solution.  https://helpdesk.agilepoint.com/hc/en-us/community/posts/8956343073811-Where-do-other-developers-keep-environment-variables-Security-Risk- 

    0
    Comment actions Permalink
  • Avatar
    Meenakshi Nadimuthu

    Hello Sam, 

    When you edit a Global access token, the password or Client Secret (if you use OAuth) would not be shown to the user (this is already masked). Could you send us a screenshot of where it is displayed? 

    Thanks.

     

     

    0
    Comment actions Permalink
  • Avatar
    Sam

    Hi Meenakshi Nadimuthu I think there was some misunderstanding.  I am suggesting they use "global access tokens" and not "global variables".  Harish suggested they use the "global variables" and Tobias said that would not work for them.  I was suggesting they use "Global Access Token", as we had a similar issue and that was the solution given in my original post.    

    0
    Comment actions Permalink
  • Avatar
    Meenakshi Nadimuthu

    Hi Sam, 

    Sorry about the misunderstanding. Thank you for replying to the post. 

    Thanks

    0
    Comment actions Permalink

Please sign in to leave a comment.