REST web service connection¶

Endpoint
- The web service endpoint that is the root for all queries
- This is typically of the form protocol://resource, for example https://api.google.com
- This end point can be extended when the connection is used to create an adaptor
- No trailing slash or question mark is necessary here
Constant Query Parameters
- This is the list of query parameters that will not change or be overridden in the adaptor
- Typical use is for an api key that does not change
- Additional query parameters can be added in the adaptor
- Click on Add Query Parameter to bring up menu to add a query parameter
- Click on the trash can icon for an existing query parameter to delete it
Constant HTTP Request Headers
- This is the list of HTTP request headers that will be sent for all requests for any adaptor that uses this connection.
- Typical use for for unchanging headers like ‘Content-Type’
- They are constant (cannot be dynamically set). If wanting a dynamically set header, they can be set on individual adaptors
- Click on Add HTTP Request Header to bring up menu to add an HTTP request header
- Click on the trash can icon for an existing HTTP request header to delete it

If changing the endpoint, or the value for a query parameter or HTTP request header, remember to save the Connector to update the definition.

Mutual Authentication¶

Mutual Authentication is an optional additional security feature provided by Acquia Journey. Mutual Authentication is off by default for REST web service connections.

Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time. This is an added security protection that is often implemented in internal business application. By default the Transport Layer Security (TLS) protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer.

TLS also provide client-to-server authentication using client-side X.509 authentication. This requires provisioning of the certificates to the clients. Mutual TLS authentication (mTLS) is widespread in business-to-business (B2B) applications as it insures that only a limited number of programmatic and homogeneous clients are connecting to specific web services, the operational burden is limited, and security requirements are greater.

In order to allow a client to communicate with a Mutual Authentication protected endpoint, Acquia Journey’s certificate authentication chain must be added to the server’s configuration for trusted client certificate chains. Acquia Journey’s public certificate will be provided in the bundle as well.

Obtaining the public certificate¶

The first step in setting up Mutual Authentication is to obtain the proper certificates from Acquia Journey to register with your gateway server or firewall. To do this, contact Acquia Support to request the certificates for Mutual Authentication.

Configure web server / gateway¶

Once you have the client-side certificates, they need to be registered with your web-server or gateway. This process may differ based on your server configuration, but the systems administrator for the business application should be familiar with how to register new certificates.

Enable Mutual Authentication in the REST connection¶

The next step in setting up Mutual Authentication is enabling the feature for a specified environment and REST Web Service connection. This ensures that Acquia Journey will properly authenticate via certificate with the endpoint it is targeting. Go to the Admin screen and click the Projects button on the left hand side.

Select the project you want that you want to leverage Mutual Authentication
Click the connections tab
Select the REST Web-Service Connection and Environment you want to enable Mutual Authentication (Note this feature is only available for REST Web-Service connections)
Select the “On” Radio button under the “Mutual Authentication” Header and click Save Edits

Note all requests made through this connection and environment will now utilize Mutual Authentication.

Test Mutual Authentication is working properly¶

The last step is to ensure that outbound requests from Acquia Journey are properly authenticated with the client. To test this, set up a graph that uses the REST Web-Service connection and run the graph visually in the environment that is configured for Mutual Authentication. If the connection succeeds, then Mutual Authentication is working correctly. If it fails - typically with a 401 Unauthorised response, the Visual Testing Console will display the error message that was received when trying to call the internal business application.

Looking for something?