Like Jitsu? Give us a star on ⭐ GitHub!

πŸ“œ Server Configuration

πŸ‘©β€πŸ”¬ Extending Jitsu

Overview
Destination Extensions
API Specs

Jitsu Internals

Authorization

Jitsu has two types of authorization: API Keys (client/server secrets) and admin token.

API Keys (client/server secrets) authorization

All incoming events should pass client/server secrets authorization depends on the endpoint type:

  • /api/v1/event - client secret authorization;
  • /api/v1/s2s/event - server secret authorization.

Secrets objects configuration has all fields optional:

FieldTypeDescription
idstringUnique identifier of secrets object
client_secretstringClient token is used in client endpoint authorization
server_secretstringServer token is used in server endpoint authorization
originsstring arrayAn array of allowed request origins. Values can be with wildcard e.g. "abc*" will allow requests from abc.com, abcd.com, etc.

Jitsu supports ****reloadable client/server secrets authorization configuration from an HTTP source, from a local file, and from YAML structure in app config.

YAML configuration

Authorization can be configured via YAML array of objects.

server:
  ...

api_keys:
  - id: unique_tokenId
    client_secret: bd33c5fa-d69f-11ea-87d0-0242ac130003
    server_secret: 5f15eba2-db58-11ea-87d0-0242ac130003
    origins:
      - '*abc.com'
      - 'efg.com'
  - id: unique_tokenId2
    client_secret: 123jsy213c5fa-c20765a0-d69f003
  - id: unique_tokenId3
    server_secret: 231dasds-3211kb3rdf-412dkjnabf

destinations: ...

Also, API Keys can be configured via plain string. In this case, plain string will be parsed as client secret.

server:
  ...

api_keys: 193b6281-f211-47a9-b384-102cf4cd2d55 #client secret

destinations: ...

HTTP URL

server:
  api_keys_reload_sec: 30
  ...

api_keys: 'https://token-source.com/path'

destinations: ...

Authorization will be reloaded every api_keys_reload_sec seconds. Default value is 3 seconds.

HTTP requests are sent with If-Modified-Since header. If HTTP response returns 304 code authorization isn't reconfigured. If authorization content was changed (or logic isn't supported) - HTTP response must return 200 code, Last-Modified header, and body with the following structure:

{
  "tokens": [ #array of json objects
    {
      "id": "uniq_id_1",
      "client_secret": "123dasbc",
      "server_secret": "abcc22",
      "origins": ["abc.com", "*.yourdomain.com"]
    }
  ]
}

Local file

Tokens file must have the same payload as the HTTP response body above.

server:
  api_keys_reload_sec: 30

api_keys: 'file:///home/eventnative/data/config/tokens.json'

destinations: ...

Admin token authorization