External API request with client certificate authentication support?

Hi, I need to connect to an external API that uses a client certificate for authentication. Is this supported in Xano?

Comments

  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭
    Usually this means a custom header needs to go with the transaction, which Xano supports. Sometimes devil is in the details - whats the service?
  • mike-k
    mike-k Member ✭
    Thanks for the reply - it's a payments API through a company called Blackhawk. Their documentation is behind a log in. However, here's all that they say about authentication. I have a certificate and just installed the pfx file into postman on it works fine. Do you have any tips on how I can determine what headers to send?
    “The Hawk Marketplace APIs use mutual authentication by means of a signed certificate provided by Blackhawk Network. The certificate contains embedded values that support authentication, authorization, and billing.

    Your applications are authenticated through the use of embedded values in the client certificate. The overall client Request Context comprises the full set of HTTP headers and embedded certificate values. These properties are used for purposes of authentication and authorization across multiple requests.”


    “Obtaining Your Certificate for Authentication
    During the integration process your implementation project manager will work with you to obtain your client certificate.

    The certificate values are mapped to a system user within Blackhawk Network. That system user is associated with a set of client products specific to your organization.”
  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭
      Cool. This looks like you're using TLS mutual authentication. AFAIK that's something you can do by wrapping your call in a Xano lambda to call fetch directly by configuring the HTTPS agent with your certificate. I appreciate the previous sentence might sound a little alien - cryptographic stuff is weird!  Here's an article that might help. Note that lambdas are exclusive to the paid tiers of Xano.

    Glad to help more as we get deeper in the weeds. This kind of deep stuff is where a 1-1 session can add value. 
  • mike-k
    mike-k Member ✭
    Thanks for this help, Ray! I'll dig into this and let you know if scheduling a session makes sense.
  • mike-k
    mike-k Member ✭
     Ok, so I looked into this and tried implementing the code. I removed the imports, since they aren't allowed. I'm running into an issue creating the https agent. 
    const sslConfiguredAgent = new https.Agent(options);I get an error: "https is not defined"... any idea how to make that available or figure out what they have imported https under?
  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭
     I'm on the move atm, but here's an idea: can you try replacing https with require("https") to see if it gives you a different result? 
  • mike-k
    mike-k Member ✭
     Thanks for the response... I updated it to this:

      const sslConfiguredAgent = new require("https").Agent(options);

    I now get a new error:

    {"response":{"response":"Cannot find module 'https'"}}
  • Ben -5225939
    Ben -5225939 Member ✭
    edited November 2022

    Hi @Ray Deck you are referring to an article on lambdas when dealing with TLS mutual authentication. However I am unable to find the article. Would you mind sharing the article again? Thanks, much appreciated!

  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭

    Hi @Ben -5225939 I don't recall the exact article I shared, but here is another on the subject of mutual TLS: https://www.matteomattei.com/client-and-server-ssl-mutual-authentication-with-nodejs/

    Xano now has support for the https library in its lambdas, so you can apply this technique for making your requests.