We are starting to use the Download tool more and could potentially share out our workflows. Are there any best practices or tips on protecting or keeping them hidden? The workflow would still need to be runnable with the API key.
Hi @mcha54
@Harbinger's idea is a good one, but converting to a macro can be time-consuming, and there's nothing stopping the user from right-clicking on the macro and opening it in Designer, where your API keys will be visible. Instead, you can just convert your workflow to an analytic app. Then export your new app (Options -> Export Workflow) with encryption.
Make sure you have suitable output options set in the interface designer.
Attached is the analytic app that I exported with encryption for the following simple workflow.
When you run it, all you get is the interface. The guts of the workflow are encrypted. All that's readable in the workflow XML is some interface/system-related info.
A word of caution: Alteryx encryption is one-way. Once the workflow is encrypted, it can't be edited by anyone, even the person who encrypted it. Save the original somewhere.
Dan
The main challenge for any request like this is that it is at best obfuscation. Because of the nature of API requests (traffic is sent from the machine running the request), any technology which is requesting data from an API using a local device will inherently allow a sufficiently motivated user to identify the API key.
If the security of these API keys is truly a requirement, you would likely need to involve a technical team, and likely an (internal) server to handle the actual API requests.
A few thoughts on how to accomplish this:
An Alteryx workflow published to Alteryx Server could maintain the API key and have a payload defined by the user. You could then use the Alteryx Gallery APIs to execute and pull results from this process.
A server with a self-built API that mirrors the desired destination API, and manages the API key. This server would receive an API request and essentially "pass" this query on to your desired end location, including the API credentials, and would then return the expected response data.
If all you need to do is prevent a user from accidentally gaining access to the API key, then the other options presented in this thread will definitely help to meet this need.
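The self-built pass-through server described in the post above, sketched as an added example (not code from the thread or from Alteryx). The upstream URL, the `X-Api-Key` and `X-Proxy-Token` header names, the path allowlist and the environment variable names are all assumptions made for illustration.

```python
import hmac
import os
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

UPSTREAM = "https://api.example.com"         # placeholder destination API
ALLOWED = ("/v1/reports", "/v1/datasets")    # constructed allowlist of paths
STRIP = {"authorization", "x-api-key", "x-proxy-token", "host", "cookie"}

def caller_for(token, tokens):
    """Map a per-user proxy token to a user name, comparing in constant time."""
    for user, known in tokens.items():
        if token and hmac.compare_digest(token.encode(), known.encode()):
            return user
    return None

def build_upstream_request(path, client_headers, api_key):
    """Build the upstream request, or return None when the path is not allowed."""
    route = path.split("?", 1)[0]
    if ".." in route or not any(route == p or route.startswith(p + "/") for p in ALLOWED):
        return None
    req = urllib.request.Request(UPSTREAM + path, method="GET")
    for name, value in client_headers.items():
        if name.lower() not in STRIP:        # never forward caller credentials
            req.add_header(name, value)
    req.add_header("X-Api-Key", api_key)     # the real key is added server-side only
    return req

class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        user = caller_for(self.headers.get("X-Proxy-Token", ""), self.server.tokens)
        req = build_upstream_request(self.path, dict(self.headers), self.server.api_key) if user else None
        if req is None:
            self.send_error(403)
            return
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                status, body = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, body = err.code, err.read()
        self.log_message("user=%s path=%s status=%s", user, self.path, status)
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 8080), Proxy)
    server.api_key = os.environ["UPSTREAM_API_KEY"]          # key lives only on this host
    server.tokens = {"alice": os.environ["ALICE_PROXY_TOKEN"]}
    server.serve_forever()
```

The workflow's Download tool would call this server with the user's own proxy token, so the shared workflow never contains the upstream key and each request is logged against a named user.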
Thanks everyone for the feedback and solutions! Definitely needs some thought to implement.
We make individual users get their own API keys and then include the key as a macro input/config. That way the activity is always traceable to the user and there is no underlying key to be stolen. Usually these keys will have less access than other production/integration keys.