Hi Akhilesh
That's a good catch and a very interesting suggestion.
It does raise the question: can a specific implementation of an API be expected to cater for all possible auth requirements of potential API consumers?
It needs more thought, and I'm taking it up with my colleagues on the API team.
------------------------------
Jonathan Goldberg
Amdocs Management Limited
Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
------------------------------
Original Message:
Sent: Feb 15, 2022 23:50
From: Akhilesh Dwivedi
Subject: Query on Notification Callback URL
Hi
TMF630 does not provide a way for the notification subscriber/consumer to suggest if auth is needed on the callback URL, or a way to share auth info with the notification producer.
One solution could be to include an additional header, e.g. Callback_Authorization, in addition to the default HTTP header Authorization.
1. Authorization header to authenticate Notification Subscriber to Notification Producer
2. Callback_Authorization to authenticate Notification Producer to Notification Subscriber.
Regards
Akhilesh
------------------------------
Akhilesh Dwivedi
Ericsson Inc.
Original Message:
Sent: Aug 25, 2021 01:43
From: Jonathan Goldberg
Subject: Query on Notification Callback URL
Hi Rajesh
- https is fine, even preferred. The examples in the specs/user guides are just that, examples.
- The Open APIs don't explicitly deal with authentication, there is an assumption that you have standard HTTP authentication mechanisms in place in your headers. See the section on authentication in TMF630 Design Guidelines Part 1, downloadable here.
Hope it helps
------------------------------
Jonathan Goldberg
Amdocs Management Limited
Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
Original Message:
Sent: Aug 24, 2021 04:00
From: Rajesh I V
Subject: Query on Notification Callback URL
Hello,
I have a query on the type of callback URL supported on behalf of the alarm listener. I was going through the TMF 642 Alarm Management APIs. The snippet is as attached from the doc.
POST /api/hub
Accept: application/json

{"callback": "http://in.listener.com"}

201
Content-Type: application/json
Location: /api/hub/42

{"id":"42","callback":"http://in.listener.com","query":null}
My queries are,
- Should the callback URI be supported only for plain "http", or can we use it for "https" also? Most of the examples I see use only http.
- Basically, if the listener (receiver of the notification) needs to ensure the authenticity of the sender and expects the data to be encrypted: our receiver system will have authentication in place and provide a token for authorization for the sender (Alarm creator). If we want to support such a receiver system, how do we expose the callback URI? Is there any other payload format or sequence of APIs supported in this case?
Sorry in case this type of query is answered elsewhere. But I couldn't find the right one when I briefly searched.
Awaiting your response
Thanks
Rajesh
------------------------------
Rajesh I V
Cisco Systems
------------------------------
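The two-header idea raised in this thread, modelled in memory as an added example (not part of any post above and not TM Forum code). Callback_Authorization is the header name proposed in the thread, not something TMF630 defines; the Hub class, the Bearer scheme and all token values are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

def _same(a, b):
    # Constant-time comparison of two credential strings.
    return hmac.compare_digest(a.encode(), b.encode())

class Hub:
    """Notification producer: in-memory stand-in for POST /api/hub (hypothetical)."""
    def __init__(self, subscriber_tokens):
        self.subscriber_tokens = subscriber_tokens  # accepted in Authorization
        self.listeners = {}

    def register(self, headers, body):
        # 1. Authorization authenticates the subscriber to the producer.
        auth = headers.get("Authorization", "")
        if not any(_same(auth, "Bearer " + t) for t in self.subscriber_tokens):
            return 401, None
        url = urlsplit(body.get("callback", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            return 400, None
        cb_auth = headers.get("Callback_Authorization")
        # A stored credential must never be sent to the listener in clear text.
        if cb_auth and url.scheme != "https":
            return 400, None
        hub_id = str(len(self.listeners) + 1)
        self.listeners[hub_id] = {"callback": body["callback"], "cb_auth": cb_auth}
        return 201, hub_id  # the credential is not echoed back in the response

    def build_notification(self, hub_id, event):
        # 2. The stored value becomes the Authorization header on the callback,
        #    authenticating the producer to the subscriber.
        entry = self.listeners[hub_id]
        headers = {"Content-Type": "application/json"}
        if entry["cb_auth"]:
            headers["Authorization"] = entry["cb_auth"]
        return entry["callback"], headers, event

def listener_accepts(headers, expected):
    """Listener side: reject notifications without the credential it handed out."""
    return _same(headers.get("Authorization", ""), expected)

if __name__ == "__main__":
    hub = Hub({"sub-token"})  # constructed sample values
    status, hid = hub.register(
        {"Authorization": "Bearer sub-token",
         "Callback_Authorization": "Bearer cb-secret"},
        {"callback": "https://in.listener.com"})
    url, hdrs, _ = hub.build_notification(hid, {"eventType": "AlarmCreateEvent"})
    print(status, url, listener_accepts(hdrs, "Bearer cb-secret"))
```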