Third party webservices authentification

Help me!
#1

Hey everyone, hope you’re doing fine!

I wanted to know how I can secure with a token an api call from the ForestAdmin app to my API to get some documents from a documents server?
I was wondering if I’m adding a JWT token through my Forest call to my API would do the job? Is it the best way or there is an other solution which is to connect directly to the document server from my forest app without passing by the other API to get to the documents server?

ForestAdmin :

  • Lumber
  • Nodejs
  • PostgresSql

Thanks a lot!!!

#2

Hi @caid,

Thanks for your message!

Could you please describe what is the precise usecase that you’re trying to achieve here?
For instance: you want your users to be able to download some documents that are referenced on a collection and stored on a dedicated server?
Just in case it could interest you, here is an example on how to create a smart collection of documents stored on S3.

#3

Hey @adriguy !
Thanks for your fast reply!
Sorry I didn’t bring enough details :confused:
So in my API I have a route to download a document from a document server (it’s a in-house S3 like server), my question was, is it a good idea to try to get the documents from the document server directly by adding the access in my ForestAdmin app to the document server or should I make a request to my API from ForestAdmin to get the documents (if this is the adviced method, how can I secure the call, should I secure the request with a JWT token auth in my API route?)?

I don’t know if it’s a better explained, please let me know!

Best,

#4

@caid I’m still not entirely sure I understood your case.
What you want is your user able to download a document when clicking on a button?
If so, a good way to do it will be to create a smart action (this call will be secured). And in this smart action definition (in your forest admin backend), you’ll be able to either call directly your documents server or to call your api.

Let me know if that helps!

#5

Hey @adriguy

Thanks for your reply!
Yes you’re right!
I’m trying to download some documents through ForestAdmin.
So if I use a smart action button to call my API, how can I secure the route of my API? Because that would be an usual route but how can I be sure that call is from ForestAdmin?

Thanks a lot!!!

Best,

#6

Hello @caid,

I suppose that you should add a middleware that will look at the origin of the request made to your server? But I suppose that it will not be sufficient in term of security and that you should add something else like a JWT token or a key that confirm your identity for instance.

Adrien already mentioned it but we do support collection from AWS S3 bucket even if in your case this will not fit with your use case :slight_smile:

Let me know if it helps,

#7

Hey @lclisson

Alright thanks a lot !!!
Does Forest have a module, method, to generate a token or a key or do I have to do it myself ?
Yess thanks a lot to you and @adriguy for the s3 docs, we are not using s3 unfortunately but still learnt a lot :slight_smile:

Best,

#8

I think this documentation could help you to do what you want.

Let me know if this is what you were looking for :slight_smile:

Best,

#9

Yes it’s perfect, thanks a lot @lclisson !!!