Configuring the Connection

Although Janrain will handle most of the ProfileSync setup and configuration, you will have to make several decisions (and carry out an activity or two) regarding your network connection. In particular, you need to:

  • Specify the methods used by the target API. You can choose between an HTTP request, a SOAP request, or an sFTP "drop." (An sFTP drop gives ProfileSync permissions to copy files to the sFTP server, but does not provide permissions to read or to modify those files after they have been copied.)

    Note that, by default, ProfileSync typically transfers data as a JSON file. However, you can optionally choose to have data transferred as an XML or SOAP object.
  • Configure a publicly accessible endpoint where ProfileSync can push data. Allowed protocols for this endpoint are REST API, SOAP, Amazon S3, and SFTP.
  • Determine the authentication method to be employed by ProfileSync. It's recommended that you use OAuth 2.0 on a TLS network. However, you can optionally use Basic authentication, an API key in the header, or a digital signature.

When planning security for ProfileSync, keep in mind that the application is cloud-based. Because of that, security between ProfileSync and your target API cannot be based on source IP address (a security approach, also known as data origin authentication, in which a specific entity is identified as the source for a given piece of data). ProfileSync is a container-based technology, so the IP addresses assigned to it are highly volatile: at best, an IP address is only good for 15 to 90 minutes before being changed. This effectively makes it impossible to use source IP address as a security measure.

However, you can "bridge" on-premises security (including IP address whitelisting) with OAuth-based cloud security. If you do this, your API bridge must be accessible from the cloud and should perform the OAuth token handling and key discovery. To avoid potential data loss and data restoration issues, the API bridge should also be configured as a simple pass-through and should not persistently store ProfileSync updates.
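
A sketch of the request handling such a bridge performs, added here as an illustration and not taken from Janrain's code: the decision rests on the bearer token alone, the source IP is never consulted, and the update is relayed without being written anywhere. The `introspect` and `forward` callables, the scope name, and the RFC 7662-style claims (`active`, `exp`, `scope`) are assumptions standing in for your authorization server and internal API.

```python
import time

REQUIRED_SCOPE = "profilesync.push"  # hypothetical scope name, not from the docs

def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', or None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or " " in token:
        return None
    return token

def authorize(claims, now):
    """Map an RFC 7662-style introspection result to 200, 401 or 403."""
    if not claims or claims.get("active") is not True:
        return 401
    exp = claims.get("exp")
    if exp is not None and exp <= now:
        return 401
    if REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        return 403
    return 200

def handle_push(headers, body, source_ip, introspect, forward, now=None):
    """Authorize one pushed update and relay it unchanged; returns (status, body).

    source_ip is accepted for logging only. It plays no part in the decision,
    because the sender's address changes too often to identify it.
    """
    token = bearer_token(headers)
    if token is None:
        return 401, b"missing bearer token"
    status = authorize(introspect(token), time.time() if now is None else now)
    if status != 200:
        return status, b"token rejected"
    try:
        return forward(body)  # same bytes in, upstream's answer out
    except OSError:
        # No local queue or file: report the failure instead of storing the update.
        return 502, b"upstream unavailable"

if __name__ == "__main__":
    # Constructed sample: one active token, and an upstream that accepts everything.
    tokens = {"tok-1": {"active": True, "exp": 2000, "scope": REQUIRED_SCOPE}}
    print(handle_push({"Authorization": "Bearer tok-1"}, b'{"id": 1}',
                      "203.0.113.7", tokens.get, lambda b: (200, b"ok"), now=1000))
```

Behind the bridge, IP address whitelisting can still apply between the bridge and the internal API, since that hop has a stable source address.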