cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
alepage
Barite | Level 11 alepage
Barite | Level 11

In a PROC HTTP call , how to secure the client_secret and client_id

Posted 09-12-2023 02:06 PM (622 views)

Hello,

 

we were asked to switch from the use of an api token to a bearer token.

I would like to know how to secure the client_secret and the client_id macro value in a manner that they are not visible no were , special ly into the log file and the SAS will remember those values when the macro function BearerToken will be triggered.

Here's the content of the include statement (the values are truncated for safety purpose)

options nonotes nosource nosymbolgen;

%let client_secret=...OQ2JpllUr5xAapIH72YNUOrrVBDbs;
%let client_id=...ae890;

The macro function BearerToken

 

%include ".../Credentials.sas";

%macro BearerToken(client_id, client_secret);
options source notes ;
/* Example of call: %BearerToken(&client_id., &client_secret.); */


/* For debugging only ! Reading the input values 
%put reading the input values: &=client_id &=client_secret;
*/

/**** Converting the Client_id and the client_secret using base64 encoder to obtain the corresponding Basic Authentication value  ***/
data _null_;
  length newString $200.;
  newString=cats("&client_id.",":","&client_secret.");
  call symputx('Basic_Auth',put(trim(newString),$base64x300.),'g');
run;

/* For debugging only !
%put &=Basic_Auth;
*/


/* Sending the Basic Authentication value to the appropriate web site, via an API call to obtain the Bearer_token ****/

options set=SSLREQCERT="allow";
filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://ca1.qualtrics.com/oauth2/token"
 method='POST'
 AUTH_BASIC
 AUTH_NEGOTIATE
 ct="application/x-www-form-urlencoded"
/* in='grant_type=client_credentials&scope=read:survey_responses read:users'*/
 in='grant_type=client_credentials&scope=manage:all'
 out=resp;
 headers "Authorization" = "Basic &Basic_Auth."; 
;
run;
/* Checking the log for the API Call */

%put &=SYS_PROCHTTP_STATUS_CODE;
data _null_;
 rc=jsonpp('resp','log');
run;

/* Getting the Bearer Token */

libname auth json fileref=resp;
%global Bearertimer_start BTExpIn; 
data test;
 set auth.root;
 %let Bearertimer_start = %sysfunc(datetime());
 call symputx('BearerToken',access_token,'g');
 call symput('BTExpIn',expires_in);
 call symputx('BearerTokenValid','Yes','g');
run;

%mend BearerToken;
%BearerToken(&client_id., &client_secret.);

 

Then the ValidateBearerToken

 

%macro validateBearerToken;
%put "The inital validity period for the Bearer Token is:  &=BTExpIn seconds";
Data _null_;
dur = datetime() - &Bearertimer_start;
BearerToken_Remaining_time=&BTExpIn. - dur;
put "The elapsed time is :" dur;
put "the Bearer token will remain valid for :" BearerToken_Remaining_time " seconds";
if BearerToken_Remaining_time < 3500 then call execute("%nrstr(%BearerToken(&client_id., &client_secret.);)");
run;
%put &=BearerTokenValid;
%mend validateBearerToken;
%validateBearerToken;

 

 

 

0 Likes
Reply

sas-innovate-white.png

Missed SAS Innovate in Orlando?

Catch the best of SAS Innovate 2025 — anytime, anywhere. Stream powerful keynotes, real-world demos, and game-changing insights from the world’s leading data and AI minds.

 

Register now

Creating Custom Steps in SAS Studio

Check out this tutorial series to learn how to build your own steps in SAS Studio.

Watch Creating Custom Steps in SAS Studio on YouTube

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 0 replies
  • ‎09-12-2023 02:06 PM
  • 623 views
  • 0 likes
  • 1 in conversation