Forum Discussion

Boss

3 years ago

Best way to handle staging site basic auth?

Hi ya'll!

In working with developers who are attempting to integrate 3rd party systems with our Khoros Community platform, one of the first things we encounter is the fact that our Khoros staging site has http basic auth (the popup that appears on the browser when you attempt to access our staging URL) in addition to the Khoros user auth.

I typically recommend that they get through the basic auth in their scripts / Postman via using a staging URL of the format https://basicAuthUsername:basicAuthPassword@[staging-url]

Is this the best way to do it?

Whatever the recommended method is, it would be great if it was added to the Khoros API documentation as it's a very common stumbling block.

Thanks!!

API

Community API

MattV
3 years ago
Well, in Postman, instead of putting the auth as a URL, i'd suggest passing it as a header (Authorization Tab, Basic Auth).

Another, less desirable option would be to have HTACCESS removed on stage, and to prevent bots from crawling, add this to the page head content:

<#if config.getString("phase", "prod") == "stage"> <#-- disallow indexing for stage since HTACCESS is disabled --> <meta name="robots" content="noindex,nofollow"> </#if>

Obviously the problem with this is, stage would still be accessible via the broader internet.

MattV
Khoros Staff
3 years ago
If they are using a corporate network or VPN, you can contact support to have their corporate vpn IP address whitelisted on stage so they don't get the password prompt.
- CarolineS
  Boss
  3 years ago
  This isn't always possible (e.g. 3rd party devs who aren't on VPN); what do you recommend when not possible to whitelist?
MattV
Khoros Staff
3 years ago
Well, in Postman, instead of putting the auth as a URL, i'd suggest passing it as a header (Authorization Tab, Basic Auth).

Another, less desirable option would be to have HTACCESS removed on stage, and to prevent bots from crawling, add this to the page head content:

<#if config.getString("phase", "prod") == "stage"> <#-- disallow indexing for stage since HTACCESS is disabled --> <meta name="robots" content="noindex,nofollow"> </#if>

Obviously the problem with this is, stage would still be accessible via the broader internet.
- CarolineS
  Boss
  3 years ago
  Thanks! Does it work to send both the http basic auth AND your session key / whatever Khoros auth info that’s needed in the header? I’ve struggled with that a bit (but also don’t really know what I’m doing :))
  - MattV
    Khoros Staff
    3 years ago
    Yes, you can do both at the same time.

Forum Discussion

Best way to handle staging site basic auth?

Related Content

Stage SDK Changes?

Basic Postman question w/ Khoros API

Force/trigger a SASS precompile at Stage?

Handling the upcoming LIMIT and OFFSET changes

Distinguish Between Stage and Production With FreeMarker

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined