cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2135
Views
25
Helpful
7
Replies

Authorization Header / Cisco Finesse - External REST API Sample Gadget

kenny.araya
Level 1
Level 1

Hello Everyone,

 

I'm using the Cisco Finesse - External REST API Sample Gadget to send credentials from Finesse to a URL in a GET request every time an agent answers a call. I am a little stuck in step 4, where the Gagdet's documentation specifies how to use the Authorization Header.

4. If the external REST API requires an authorization header, uncomment the line of code that adds the authorization to the options object. If the authorization type is Basic Auth, then you can skip to the next step.

 

Document link for reference: https://github.com/CiscoDevNet/finesse-sample-code/blob/master/ExternalRestApiSampleGadget/README.md

 

I did uncomment the line of code specified, now I am not certain how the credentials will be included in the authorization field of the options object (finesse.gadget.Config?).

 

Thanks in advance for the assistance provided on this!

KennyScreenshot 2021-11-29 at 15.22.25.png

 

7 Replies 7

Gerry O'Rourke
Spotlight
Spotlight

Kenny,

 

I believe the assumption in the example gadget if using authorization, is that the same authorization to log into Finesse is used to access the REST API.

 

If you have a look at this Link - it shows you how to get the login details / authorization of the logged in user:

https://devnetsupport.cisco.com/hc/en-us/articles/115012962388-Getting-the-user-s-credentials-in-a-gadget

 

And this is what the example gadget is doing.

If you want to send different authorization - set the header accordingly.

 

Here is some details and background on how to set basic auth.

Background

https://en.wikipedia.org/wiki/Basic_access_authentication

 

How to encode Base64-encoded ASCII

https://developer.mozilla.org/en-US/docs/Web/API/btoa

 

Example:

https://www.codegrepper.com/code-examples/javascript/basic+authentication+header+javascript

 

Regards,

Gerry

Hi Gerry,

 

Thanks for your response. You are correct, I am actually trying to send a different authorization, in this case where should I include the piece of code from https://www.codegrepper.com/code-examples/javascript/basic+authentication+header+javascript in the gadget code?

 

Thanks again,

Kenny

Hi Kenny,

 

You need to change the authorization line to something similar to the one found in your link.

 

Change:

authorization: _util.getAuthHeaderString(finesse.gadget.Config),
to
authorization: "Basic " + finesse.utilities.Utilities.b64Encode(username + ":" + password),
where the username variable is the user's username and the password variable is the user's password. Of course you should not be hardcoding this information in the JS, so you will need to retrieve this data somehow.
 
Thanx,
Denise
 

Hello, 

I am approaching a similar scenario where I may need to authenticate with a 3rd party web service using a secret. As mentioned in a previous post, "you should not be hardcoding this information in the JS, so you will need to retrieve this data somehow". What is the best practice for storing something like an API access token to later retrieve and use from the finesses gadgets? 

Thanks, 
Stephen 

Hi Stephen,

Is this API access token unique per agent or is it one token for all agents?

Thanx,

Denise

One token for all agents. 

However, I would be interested in understanding the solution for both scenarios, if they are different. 

Hi,

That is a very tricky situation. I don't know what is best practice for this, but the only thing that comes to my mind is pretty complex. It would be to build a REST API that takes the agent's login credentials to authenticate getting the API token and everything will need to be encrypted and such.

This gadget works for APIs that does not require authentication, uses the same agent credentials, or even the abilty to have a login screen first to gather the credentials/token.

Thanx,

Denise