Creating custom node and the getting accesstoken and then making api call on single custom node

Hello,

I created the custom node called getMachines
where I will be supplying the ClientId and ClientSecret in input of the node.
And after that i will be accessing the accessToken to get the API data.
After that on the accesstoken want to fetch the machines api.

and this all process should be in one single custom node.

Please help me, how to achieve this solution.

Thanks,
Sudthakur

Nobody can help without more information than that. We can't guess the form of the token, how/where it is created, how long it is valid for, how it is renewed, what other requirements the API has, ...

Thanks for asking these question to myself also.

I want authentication through auth0 by grant_type=client_credentials, clientId and clientSecret available.
want to get first the accesstoken by the above information passing through post method.
And after getting the accesstoken want to fetch the api and get the json data.

Please help me on this, as new to this authentication things and with auth0 also.

and do please let me if more information is needed.

Thanks,
Sudthakur

Hi @Sudthakur,

To achieve that you have more than one option, and security ways.

  1. store your keys securelly;

  2. create the payload, headers and url as required by documentation

  3. make de request

  4. finaly get your access_token

in my opinion, first of all, store your secrets using env variables.
https://nodered.org/docs/user-guide/environment-variables

After that you can retrive values using function node.
https://nodered.org/docs/user-guide/writing-functions#env

OR

Use de change node to assign the env variable to required variable as API documentation
https://nodered.org/docs/user-guide/nodes#change

the next step will be request call.
set url, headers and boddy...
https://cookbook.nodered.org/http/#http-requests

if you done the above activities well, you will be able to receive your access_token in msg.payload

from here, you can make the next request using the same knowledge to get the main information from API.

Hope this helps.

Please remember that environment variables are easily picked out of memory - they are not a secure store. They can reduce exposure but they are not really a security mechanism. For that you need a secure keystore and good isolation between processes.

Having said that, they are probably good enough.

1 Like