Custom API Authentication
Question

I am unsure of how to implement GetRequestContent or GetRequestHeader into the custom authentication. Just to give you a background on what I am doing, I am creating a Telegram bot and am thinking of how this authentication can be used to validate the users.

MVP
Solution

Hi Terceira,

Can you elaborate a bit on what kind of "custom authentication" you are working on? Are we talking a REST service, or something else? What documentation describes GetRequestContent and GetRequestHeader?

Yes, REST API.

MVP

You didn't answer my other questions :). I (and probably anyone else reading your post) need some more background information on what you are trying to achieve.

I guess the documentation would be how we could use those functions. Because from what I see, there are only definitions of those. But I am not too sure how to use them.

MVP

Yes, but I wonder why you think you need to use them. Customization of a REST API is typically done by using the OnBeforeRequest / OnAfterResponse, and you have the header and body available there. No need to use these Get Actions.

Sorry, my bad. So we have this bot token (which is the API key) and we want to validate that the users are truly the users of the company. So, we have this webhook function to pass the message from OutSystems to Telegram, but in between we want to use Custom Authentication. To add on, we have a form to record all the users who have filled up the form.

MVP

A bit clearer. I assume that using the webhook is just calling a REST method on the Telegram service, and that's not the problem here right?

Is the bot written in OutSystems? What kind of authentication must the users provide, and what kind of authentication check do you envision?

Yes, that is not the issue. And yes, the bot is written in OutSystems. The authentication is mainly to check the users of the company. Because right now, we have a form and anyone can fill up this form, but I just want the people in the company to access it.

MVP

So at what point do you want to authenticate, and how do you want to authenticate? I assume the user can type something in the bot's input box, and then presses Enter or a "send" button? And you want to perform some authentication at that moment?

MVP

Since the bot is coded in OutSystems, what happens when the user sends the input? I assume the user is already logged in, otherwise there is of course no way to authenticate them. But if the bot runs in the same context, you already know which user is logged in?

I wouldn't say they are logged in. In the form they just fill up their names to register, after which it will go back to the bot to key in temperature.

MVP

So how are you planning on doing the authentication then? Based on the names they fill in? That's not very secure?

Yes, based on their names, and that is not secure. Which is why I am trying to implement authentication to validate.

MVP

Yes, but this is a functional problem, not a technical one. You started this topic by asking a technical question, but I can't see how you would like to functionally authenticate, in other words, what kind of proof of authentication do you want the user to provide to you, and when should the user provide this?

I want to authenticate to check if he/she is an existing employee before making an input in Telegram. Which is why I am thinking of using the GetRequestContent or GetRequestHeader.

(Edited by dkuhlmann on request of original poster)

Would that be possible to implement? Or is it a functional issue here? If it is a functional issue here, my question will be redundant.

MVP

But when the user fills the form, you can then authenticate them, and use some session variable (traditional web) or client variable (reactive) to store some authentication key and send that along to the bot?

MVP

When the user has filled in their details in the form, you are going to check the name. If that check succeeds, the user is an employee. You can then return a unique token that can be sent to the bot, so the bot knows the user is genuine.

MVP

Sorry, I missed your reply. It can be stored in a session variable (or client variable in case of Reactive), but the bot needs it as an input parameter for verification.
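
The token hand-off described in the last replies, sketched in Python as an added example (not code from the thread participants or from OutSystems): the form issues a signed token after its employee check succeeds, and the bot verifies it before accepting input. The key, the 10-minute lifetime, the binding to a Telegram user id and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Assumptions (not from the thread): a key shared by the form and the bot,
# a 10-minute lifetime, and binding the token to one Telegram user id.
SECRET_KEY = b"constructed-demo-key-change-me"
TTL_SECONDS = 600


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def issue_token(employee_id: str, telegram_user_id: int, now=None) -> str:
    """Called by the form after its employee check has succeeded."""
    if "|" in employee_id:
        raise ValueError("employee_id must not contain '|'")
    issued = int(time.time() if now is None else now)
    payload = f"{employee_id}|{telegram_user_id}|{issued + TTL_SECONDS}".encode()
    return (urlsafe_b64encode(payload) + b"." + urlsafe_b64encode(_sign(payload))).decode()


def verify_token(token: str, telegram_user_id: int, now=None):
    """Called by the bot; returns the employee id, or None if rejected."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = urlsafe_b64decode(payload_b64)
        signature = urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong shape or invalid base64
        return None
    # Check the signature in constant time before trusting any field.
    if not hmac.compare_digest(signature, _sign(payload)):
        return None
    employee_id, bound_user, expires = payload.decode().split("|")
    current = int(time.time() if now is None else now)
    # Reject tokens replayed by a different Telegram account or past expiry.
    if int(bound_user) != telegram_user_id or current > int(expires):
        return None
    return employee_id
```

Because the token is bound to one Telegram user id and expires, a token forwarded to a colleague or reused later is rejected by the bot.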
