
secure a REST trigger

Posted: Tue Sep 01, 2020 5:13 pm
by leonardosalatino
Hi, is there a way to secure a REST trigger? I mean, when I set the trigger I just set a URL to my server and that's all, but Bullhorn is not sending anything for me to validate on my server such as a clientId or API key or something.
I don't see anything in the header or body that I can use, right?


headers: {
	connection: 'upgrade',
	host: '1218xxxxxxxxxxxxxxxxxxxxx.com',
	'x-real-ip': '172.31.21.49',
	'x-forwarded-for': '204.62.53.4, 172.31.21.49',
	'content-length': '101',
	accept: 'application/json',
	'cache-control': 'no-cache',
	'content-type': 'application/json',
	pragma: 'no-cache',
	'user-agent': 'Java/1.8.0_51',
	'x-forwarded-port': '80',
	'x-forwarded-proto': 'http'
},
body: {
	data: { customText6: 'aa' },
	meta: { entityName: 'ClientCorporation', entityId: 168710, userId: 52 }
}

Re: secure a REST trigger

Posted: Wed Sep 02, 2020 10:58 am
by ggaragiola
Hello,

This is Grant from Bullhorn Support.

Are you attempting to obtain a Client Id and Secret? If you are, then that is a request you will need to submit to our support team, as it is something only we can set up on the back end. If I am misunderstanding the question, please let me know and I will take another look.

Thank you

Re: secure a REST trigger

Posted: Thu Sep 03, 2020 4:22 pm
by leonardosalatino
Hi,

I'm trying to use the trigger to send data that is changed to another 3rd-party system that the client is using as a backend. I did this in the past by having a cron job that pulls data from Bullhorn and sends it to the backend; this was running every night, but now I need this to be on demand, meaning that immediately after a clientCorporation is changed in Bullhorn, I need to send the data to the backend.

I was going to solve this using Bullhorn triggers; my middleware app is receiving the triggers and sending the changed data to the backend. My concern is that anybody can send anything to my middleware and I will send that to the backend. So, I'm wondering if there is anything I can validate to be sure that the request (trigger) is coming from Bullhorn.


I'm not sure which is the best way to resolve it. At the moment I'm planning to use the Bullhorn trigger just as a "sync request". When my app receives them I disregard all data and only get the entity type and entity id (also send a true to BH); with those I initiate a new Bullhorn connection and send a request for that entity type/id, this way I know data is coming from BH in a secured way. After that I sync to the backend. Would that work?


Thanks
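
The "trigger as a sync request" approach from the last post, as an added example that is not part of the original thread and not Bullhorn's code. `fetchEntity` and `pushToBackend` are hypothetical stand-ins for an authenticated read from Bullhorn and the write to the third-party backend; the allowlist and all function names are assumptions.

```javascript
// Added example. ALLOWED_ENTITIES, parseTrigger, makeHandler, fetchEntity and
// pushToBackend are hypothetical names, not part of any Bullhorn API.
const ALLOWED_ENTITIES = new Set(['ClientCorporation']);

// Pull only the identifiers out of an untrusted trigger body. body.data is
// never read, so a forged request cannot inject field values.
function parseTrigger(body) {
  const meta = body && typeof body === 'object' ? body.meta : null;
  if (!meta || typeof meta !== 'object') return null;
  const { entityName, entityId } = meta;
  if (typeof entityName !== 'string' || !ALLOWED_ENTITIES.has(entityName)) return null;
  if (!Number.isSafeInteger(entityId) || entityId <= 0) return null;
  return { entityName, entityId };
}

// deps.fetchEntity(name, id): assumed authenticated read from Bullhorn that
//   resolves to the record, or null when it does not exist.
// deps.pushToBackend(name, id, record): assumed write to the backend.
function makeHandler(deps) {
  return async function handleTrigger(body) {
    const ref = parseTrigger(body);
    if (!ref) return { status: 'rejected' };
    // The record that gets synced comes from the authenticated read only.
    const record = await deps.fetchEntity(ref.entityName, ref.entityId);
    if (!record) return { status: 'not_found' };
    await deps.pushToBackend(ref.entityName, ref.entityId, record);
    return { status: 'synced' };
  };
}

// Constructed sample: same shape as the trigger body in the first post, but
// with attacker-chosen data. Only meta.entityName and meta.entityId are used.
const forgedTrigger = {
  data: { customText6: 'attacker-chosen value' },
  meta: { entityName: 'ClientCorporation', entityId: 168710, userId: 52 },
};
```

With this shape a forged request can at most cause a re-sync of a record that really exists, so the endpoint still wants rate limiting, since each accepted request costs one read against Bullhorn and one write to the backend.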