community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Discussions

Find answers, ask questions, and share expertise about Alteryx Designer Desktop and Intelligence Suite.

Alteryx DCM usage within the Download Tool (for generic API authentication)

markspivey
6 - Meteoroid
‎06-30-2023 11:24 AM

I'm working on updating an existing set of projects where I need to use the Download Tool in Alteryx to access various APIs, and wanted to securely store the credentials in DCM, rather than having them sit insecurely within the Download Tool itself. We can use access to the Okta API as an example, whereby the Okta API requires an API key which is typically passed in the HTTP headers as part of an API GET request. My goal is to securely store the API key and manage it through the Data Connection Manager (DCM).

 

I've set up DCM and understand how it can store and manage credentials like username/password pairs and specific methods for AWS and Azure services. However, I'm having trouble understanding how to use it for storing and managing generic API keys or credentials, which don't fit into these pre-existing categories.

 

In my Okta example, the Download Tool needs to be configured under the Headers tab to push a Name and Value for authentication purposes, which for Okta looks like this:

 

Name: Authorization

Value: SSWS {apiKey}

Raw: Authorization: SSWS {apiKey}

 

My issue is figuring out how to store this API key in the DCM and how then to reference that secret/variable in the Download Tool. Has anyone used DCM for storing generic API credentials specifically for use within the Download Tool for API access?

Labels:
Reply
12 REPLIES 12
markspivey
6 - Meteoroid
‎07-18-2023 03:47 PM

Also looking for best practice guidance over storing PEM Files or RSA Tokens, at the moment it would require storing the key on Alteryx Server or having to send across the file to others in order to access them.

Reply
0 Likes
acarter881
12 - Quasar
‎07-19-2023 09:14 AM

Hey, @markspivey.

 

I know what you mean. I've never used the Download tool in the way you're describing, but I've done similar things in Python.

 

For example, to use my API key in a Python script without explicitly pasting the key in, I used an environment variable.

image.png

 

I know DCM is the secure credentialing within Designer, but I'm not too familiar with it.

 

I would setup your secrets in environment variables and try using the GetEnvironmentVariable function.

Reply
0 Likes
markspivey
6 - Meteoroid
‎07-19-2023 05:01 PM

thanks, however, the intent is to eventually move the workflows from Designer to Server, so unfortunately I don't believe the GetEnvironmentVariable method would be a feasible option as it only works on Desktop.

Reply
0 Likes
shawnmacnova21
7 - Meteor
‎08-04-2023 12:56 PM

Started looking into this myself today! I will post if I get anywhere

Reply
0 Likes
MZ
6 - Meteoroid
‎10-02-2023 07:04 AM

I have the same problem.  We're looking to move to Server, and I don't want to store API credentials in text inputs

Reply
0 Likes
eddiestuder
6 - Meteoroid
‎10-16-2023 08:37 AM

Any luck on this topic? DCM is the key, I believe and I wonder if it's just a matter of adding another credential option for API key as a credential rather than the current basic option of no credentials, username, username and password.

The download tool is the current method for interaction with API's so seems logical that this could be integrated.

Reply
0 Likes
bkclaw113
9 - Comet
‎10-19-2023 04:53 AM

I have not actually been able to get it to work, but if you select the "Resolve on Payload" checkbox you should be able to reference the value that are stored in the DCM Credentials using aliases. Here is an excerpt from the download tool page (https://help.alteryx.com/20231/designer/download-tool

 

  • By selecting the Resolve on Payload checkbox, you can use DCM-specific aliases for Headers and Payload settings. The aliases can be used for both Name and Value while only Compose Query String/Body option is supported for Payload. Once you run the workflow, these aliases are automatically replaced by corresponding DCM values. Supported aliases:

    • {dcm:userName}

    • {dcm:password}

    • {dcm:host}

So given this I tried to connect to the Alteryx V3 OAuth Token endpoint using DCM.

I created a DCM Data Source that stores my Base URL

Then I  calculated the B64 encoded string using the logic from the Alteryx V3 Server API Authenticate Macro (including the word Basic)

I then created a username only credential and stored the full string in the username

Then I setup the DCM connection from the download tool

Then used the alias to create an "Authorization" header

 

However I am still getting a 401 Unauthorized response. It feels like everything should be right, anyone see something that I am missing?

 

 

Reply
0 Likes
bkclaw113
9 - Comet
‎10-19-2023 05:21 AM

With some investigation using Fiddler I realized that I had a misspelling in my endpoint, and also that I was missing the grant_type = client_credentials payload. With those updates I am now able to use the store DCM value to pass as the authorization header and get back a token.

 

Hopefully this approach fixes the problem for others as well!

Reply
MZ
6 - Meteoroid
‎10-19-2023 05:34 AM

Thank you @bkclaw113  - I will try this!

Reply
0 Likes
learn more about the python upgrade coming in may 2024
Labels