Hello!
I’m working on a project that requires the use of a custom API authentication method using middleware.
I have a Backend API workflow set up to receive API calls from a third party.
The data from the third-party includes (among other data) an Authorization header with a hashed signature key. That hash string includes the body of the request, to ensure the data has not been modified in transit.
When the API call is received, I need to run an authentication script on my end to validate the hash. I have set up a plugin with an action to handle this . The action receives properties from the Bubble app for the string to hash and verify. For the other headers (auth,host,headers) included in the final hash, this is easy because I can pass the header string directly, and they don’t change.
For the body, however, the API call might not always receive all fields as set up during the initialization and so I need to pass the entire body of the incoming API call for verify the hash, I can’t pass on just the values of the fields.
To do so, I set up a field in the Plugin to pass the object from the API as a dynamic field, and type ‘Any thing’. The issue arises here, and can be seen in the Server logs.
When passing the JSON data received through the API to the Plugin Action, Bubble modifies the body with additional information.
This of course leads to the hash being different, and the authentication failing.
Does anyone know of a workaround for this, were I could pass the raw JSON received through the API Workflow to the Plugin action?
Thank you!