cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
Denise
Obsidian | Level 7 Denise
Obsidian | Level 7

client secret security for API interaction

Posted 03-17-2023 11:54 AM (425 views)

I have followed the directions of Chris Hemedinger and Joseph Henry for retrieving the token needed for interacting with SharePoint and OneDrive.  I have an Azure API with a client secret. 

 

I am trying to figure out how to best lock down the value of the client_secret and yet have it accessible to the users of my environment so that they can utilize the API calls from SAS to o365 SharePoint Online.

 

What is the recommended method to hide this value?

 

I thought of a %include, but that needs to be readable for their code to work.  I thought of burying a macro value but any savvy user would know %put &thesecret. ; in a SAS session would show the literal value.

 

Thank you in advance for sharing your thoughts and experiences in this thread.

Reply
3 REPLIES 3
PiRho1
Fluorite | Level 6 PiRho1
Fluorite | Level 6

Re: client secret security for API interaction

Posted 03-17-2023 01:00 PM (389 views)  |   In reply to Denise

Can you share any additional information about your SAS environment? version? platform? my first instinct would be looking at a metadata object. However, that would assume a SAS installation that included a metadata server.

0 Likes
Reply
Denise
Obsidian | Level 7 Denise
Obsidian | Level 7

Re: client secret security for API interaction

Posted 03-17-2023 01:29 PM (377 views)  |   In reply to PiRho1

I have a 3-Tier (non-grid) Linux set up.  RHEL 7, SAS 9.4m6.

 

So, yes, I have a metadata tier. 

 

 

0 Likes
Reply
Vincent35
Obsidian | Level 7 Vincent35
Obsidian | Level 7

Re: client secret security for API interaction

Posted 07-06-2023 01:48 PM (215 views)  |   In reply to Denise
If you can use a user/password to authenticate, you can store that into an AuthDomain in your meta, and call your API through a "proc http" with an Authdomain parameter.
If the client ID is a parameter of the request, you can encapsulate your code (proc http or curl), into a stored compile AND secure macro :
%macro MP_MACRO / store secure ;
option NOMPRINT NOSYMBOLGEN ;
%local mv_secret ;

proc http .....

%mend ;

with this, end users can not have the secret !
0 Likes
Reply

SAS INNOVATE 2024

Innovate_SAS_Blue.png

Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Discussion stats
  • 3 replies
  • ‎03-17-2023 11:54 AM
  • 426 views
  • 1 like
  • 3 in conversation