  1. REST Client
  2. MGNLRESTCL-113

Hide sensitive information from the rest call definition query parameters / headers / etc.


    • Improvement
    • Resolution: Fixed
    • Neutral
    • 2.0
    • None
    • None
    • None
    • Yes
    • Yes
    • Declarative REST 14, Declarative REST 15
    • 3

      As a developer, I want to use values stored in the Password Manager in my REST calls, so that I can connect to APIs but not expose my API keys or secrets.

      Acceptance criteria

      • I can use values from the password manager
      • In a header, parameter, path or body of a REST call

      Context

      Many APIs expect a text API key (sometimes called a secret or an API token) to be provided somewhere in the REST call.

      For example: 
      http://api.openweathermap.org/data/2.5/forecast?q=London,us&APPID=11c86e6e92231833a10604185a855418

      Notes

      While working on the DRC presentation, I had configured API tokens in the REST call's headers - this might be a security issue for some users.
      I suggest adding an improvement that would use the password manager to hide the sensitive information. We could use a placeholder with a password: prefix to denote that the value should be read from the password manager and replaced with the password.

      Example:

      baseUrl: https://example.com
      restCalls:
        foo:
          headers:
            # Quoted so YAML reads the placeholder as a string, not a flow mapping
            api_key: "{@password:<UUID>}"
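
One way the proposed placeholder could be resolved at call time, as an added example that is not Magnolia's implementation or code from this ticket. The secret store, the UUID, the `queryParameters` key and all function names are hypothetical; it goes beyond the header case above by also covering path, query parameter and body values and by masking secrets before a call is logged.

```python
import re

# Placeholder syntax proposed in the ticket: {@password:<UUID>}
PLACEHOLDER = re.compile(r"\{@password:([0-9a-fA-F-]{36})\}")

class UnknownSecret(KeyError):
    """Raised when a placeholder names a UUID the store does not hold."""

def _walk(node, on_string):
    # Rebuild nested dicts/lists, applying on_string to every string value.
    if isinstance(node, dict):
        return {k: _walk(v, on_string) for k, v in node.items()}
    if isinstance(node, list):
        return [_walk(v, on_string) for v in node]
    return on_string(node) if isinstance(node, str) else node

def resolve(definition, store):
    """Return a copy of the call definition with placeholders replaced.
    Fails closed: an unknown UUID raises instead of sending the literal."""
    def sub(match):
        try:
            return store[match.group(1)]
        except KeyError:
            raise UnknownSecret(match.group(1)) from None
    return _walk(definition, lambda s: PLACEHOLDER.sub(sub, s))

def redact(resolved, store):
    """Return a copy of a resolved call with secret values masked for logs."""
    def mask(s):
        for value in store.values():
            if value:  # an empty secret would otherwise match everywhere
                s = s.replace(value, "***")
        return s
    return _walk(resolved, mask)

# Constructed sample data: hypothetical store and UUID, not real credentials.
SAMPLE_ID = "123e4567-e89b-12d3-a456-426614174000"
STORE = {SAMPLE_ID: "constructed-api-key"}
CALL = {
    "baseUrl": "https://example.com",
    "path": "/accounts/{@password:%s}/forecast" % SAMPLE_ID,
    "queryParameters": {"APPID": "{@password:%s}" % SAMPLE_ID},  # hypothetical key
    "headers": {"api_key": "{@password:%s}" % SAMPLE_ID},
    "body": "token={@password:%s}" % SAMPLE_ID,
}

if __name__ == "__main__":
    print(redact(resolve(CALL, STORE), STORE))
```

The stored definition keeps only the placeholder; the secret exists only in the resolved copy built for the outgoing request.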
      


              jsimak Jaroslav Simak

                  Original Estimate - Not Specified
                  Remaining Estimate - 0d
                  Time Spent - 7.5h