Securing web services called by Nintex Workflow for Office 365

  • 23 January 2019
  • 2 replies
  • 8 views

Hello, 

 

with Nintex Workflow for Office 365, i'm building a workflow that has to connect to LOB web services.

I want securing the web services access (Azure Functions).

The simpliest way may be to check the Nintex plateform IP, but what are theses IP adresses ? 

Do you have other option to secure the webservices ? 

 

Thank you for you feedback.

 

Best regards.

 

Hervé.


2 replies

Badge +7

You could try using the web request control. You can pass in a Username and Password.

What might be a better option is looking at building your workflow in Nintex Workflow Cloud. You can then build secure custom actions using the Xtentions Framework. You can still save all your data down to a list in SharePoint Online.

Badge +9

Hi Hervé,

How secure does this need to be? I think there are a few options with O365:

  • If you can configure Basic Auth in your function, you can use this, as long as you're connecting over HTTPS
  • If you want you could use a token that you periodically change, I believe one of the default Azure Function options is to have this key in the query string or header, without the being present the function would return 401. (In the URL you call have the query string ?code=[abcd...]), again secure over HTTPS
  • If you need something more secure, you can setup a SharePoint app/add-in and do a challenge response. This is a lot more involved but ends up having the workflow sign each request to your service, it's signed with a secret that only SharePoint and you know, so you can validate that the request is originating from SharePoint. These tokens have expiry etc. so provide a good level of security but would require a lot more work. Unfortunately I can't find an article right now that explains this in more detail so you may have to dig around for the full details.

Callum

Reply