I would like to invoke an external service from Singlestore and exploring External function.
The remote service is a HTTPS service and it needs client cert as well. How can I pass the client cert and password to the external function call?
We don’t currently support client cert for external functions yet. For now, You can work around it by adding a proxy server in between.
Do you support any additional header? How can we pass the auth details to the REST call? Any example?
Yes, additional headers can be defined with an HTTP link, e.g. CREATE [OR REPLACE] EXTERNAL FUNCTION · SingleStore Documentation
This allows for simple HTTP authentication.
1 Like
How can we include keystore file path and keystore password for the HTTPS call?
-
HTTPS client cert is not passed as HTTP header. It is used in the initial handshake for HTTPS protocol.
-
If you are using S2MS, you probably don’t have direct access to filesystem.
In short, we don’t currently support HTTPS client cert. You need to workaround it by setting up a proxy server in between SingleStore and your service. The proxy service relays the network traffic and adds the client authentication layer to it.
How to protect the proxy server if we setup proxy b/w Singlestore and the HTTPS service? Do you recommend to go with the Auth header over HTTP? Why SSL is not supported?
Why SSL is not supported?
SSL is supported, but SSL with client cert is not supported.
How to protect the proxy server if we setup proxy b/w Singlestore and the HTTPS service? Do you recommend to go with the Auth header over HTTP?
Yes, you can use custom http headers to implement a password-based authentication:
For example, create a http link
CREATE LINK link AS HTTP
CREDENTIALS "{\"headers\":{\"authorization\":\"Bearer <token>\", \"version\":\"2.3\"}}";
then
CREATE EXTERNAL FUNCTION ... LINK link;
The custom http headers will send with each external function call, and can be used by your proxy server for client authentication.
2 Likes