Best answer

using certificates and private keys with custom app

  • 3 May 2020
  • 9 replies
  • 3827 views

I’m working on a private integration that has uses an ssl certificates and private key for authentication. I don’t know which authorization option to use in the zapier platform builder.

 

I’d be find with doing this with webhook, but I can’t seem to find how to pass the key and pem files to zapier.

icon

Best answer by BowTieBots 21 May 2020, 14:52

View original

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

9 replies

Userlevel 7
Badge +7

Hi there @jasonlittle , great to see you are integrating an App.

 

I didn't completely understand what kind of authorization you would like to do with an SSL certificate. Could you be a bit more detailed, and explain what kind of authorization and where?

 

Let me know

~Bjorn

I’m integrating with Open Badge Factory and they use X.509 client certificates to authorize API access. I’ve generated the certificate and private key files but I don’t know how to send them by using Zapier’s platform builder.

 

https://openbadgefactory.com/developers/#open-badge-factory-rest-api

Userlevel 7
Badge +7

I see the challenge here now. Maybe you can have a look at environment variables: https://platform.zapier.com/docs/advanced#environment-variables

If you export the plain data from those keys into a variable it might work like you expect. 

 

Let me know if this works!

~Bjorn

I can set those up, but I’m not sure which authentication scheme to use. Would I use basic auth or session auth? I’m not sure how I’d pass the .pem and .key variables to their service. As header options?

Userlevel 4
Badge +4

@jasonlittle you will need to use a session auth for this. 

 

Looking at the authentication flow for open badge this is not a standard authentication process.  Read the documentation carefully when you go to implement.

Thanks @BowTieBots I tried and still get 401 forbidden errors. I’m not sure I’m passing the key and CSR properly so I’m going to download Charles or some other proxy sniffer to see what’s happening. I can’t see a way to troubleshoot in the Zapier builder.

This is what I have setup. The SSLKEY/CERT variables refer to the environment variables I setup.

 

 

Userlevel 4
Badge +4

Hi @jasonlittle,

In order to handle the non-standard auth process you will need to switch to “Code Mode” to get the authentication logic correct.

The Openbadge auth process requires you to modify the SSLCERT using the SSLKEY before sending it back for authentication.  Zapier by default just sends the SSLCERT as received which is why you are getting a 401 response.

What is your comfort level with Javascript?

@BowTieBots I can figure it out...I know how to do this in PHP through their examples, just need to be pointed to a JS example!

I tried using Integromat (zapier competitor...) and it works just fine. I see the cert and key being passed in zapier, but I still get 401 errors. Integromat has support for SSL with cert/keys so I’m going to use that instead. 

I did try using the JS equivalent of cURL in ‘code mode’ but the problem (I think) is how zapier does the initial connection authorization.