Product Updates

Soracom is IoT connectivity with powerful APIs that enable you to build world class applications

4 months ago

Soracom Flux Webhook Action now supports Credential Store authentication

We are excited to announce that the Soracom Flux Webhook action now allows the use of credentials stored in the Credential Store to add Authorization headers.

Previously, while it was possible to add Authorization headers in the Webhook action, it was limited to fixed token authentication methods, which posed challenges in terms of security and flexibility. With this new feature, you can now dynamically generate Authorization headers, enabling you to authenticate with your servers or cloud services more securely. This enhancement significantly improves the flexibility and security of your automated workflows.

Key Improvements

  • Dynamic Token Generation: You can now send Webhooks to services that require dynamic authentication tokens that change with each request, such as AWS Signature V4.
  • Enhanced Security: By utilizing the Credential Store, sensitive credentials are not exposed in the Soracom User Console, reducing the risk of leaking credentials.

Available Authentication Schemes

The following authentication methods can now be used to add Authorization headers in the Webhook action:

AWS Signature Version 4

Generate an Authorization header in the AWS Signature Version 4 format, along with the specified AWS service and region.

  • Supported Credentials: AWS credentials, AWS IAM Role credentials

Basic Authentication

Generate a value based on the username and password and add an Authorization: Basic ${value} header to the request.

  • Supported Credentials: Username and passsword credentials

Bearer Token

Use a value stored in the Credential Store directly to add an Authorization: Bearer ${Token} header to the request.

  • Supported Credentials: API Token credentials, Pre-Shared Key

Bearer Token (JWT)

Generate a JSON Web Token (JWT) based on the information stored in the Credential Store and add an Authorization: Bearer ${Token} header to the request.

  • Supported Credentials: Google Service Account (JSON), Private Key (PEM)

Usage

For detailed instructions on how to utilize this feature, please refer to the following resources:

If you have any questions or concerns, please feel free to contact Soracom Support.