Protecting bearer tokens

We're wanting to integrate with Ellucian Ethos Integration, which uses BEARER authorization headers to authenticate. So far the only way I've found to do this in the TDX iPaaS leaves the token in plaintext, which means that anyone with access to our iPaaS tentant can see the token. Is there any way that I can store the token somewhere in iPaaS and have it masked like a password?

Tags iPaaS
Asked by Christopher Myers on Fri 4/1/22 10:41 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Mark Sayers Fri 4/1/22 1:56 PM

Hello Christopher,

You should be able to restrict access to the application that this flow is built within. Is that enough of a security measure that you're comfortable it won't allow unauthorized viewing of this flow and the tokens it will be using?

If not, we'll need to have you submit a support ticket formally (via this service: Ask a product question ) so we can have our iPaaS folks review which options might be best to allow you to achieve greater security measurements for this flow.

Sincerely,

Mark Sayers

Sr Support Consultant, CS

No feedback
Thanks Mark!

We'll have a number of folks developing in iPaaS who shouldn't have access to those auth tokens, so we're hoping to protect them more than using just "iPaaS application"-level security, so I created a question as recommended. - Christopher Myers Fri 4/1/22 2:52 PM