Security considerations when POSTing from outside a firewall

Most of what I’ve seen pertaining to authentication for REST calls refers to database access. How would one also communicate authentication to the firewall in the same HTTPS command? I’m looking at two applications here:

  1. Log an email sent from a smartphone. I’m thinking an app on the phone would generate the REST call (this would be a POST request).
  2. In a customer portal, submit GET requests for customers to check orders, service tickets (cases), etc.

Look into a reverse web proxy scenario. My preference is for some middleware to handle the requests and sit between Epicor and your other application.

Aaron, my apology for delving into ancient history. I had to let this project sit over the summer and was finally able to return. What would a web proxy or middleware gain you over putting REST directly into my app, assuming I also have DNS (access through firewall) and an SSL setup?

Are you using these as a buffer instead of directly exposing the database to the outside world?

We use Azure Hybrid Connection

Thanks Haso.

@tkueppers and Haso, would something like a hybrid connection app service work natively with the apps Epicor makes, such as mobile warehouse and mobile CRM, and the Epicor environment itself? Or is this something that would have to be programmed for within the source and target applications in order for this handoff to work?

In other words, what, if anything, in this diagram is Epicor? I assume that nothing is handling the authentication from the relay in Epicor, rather something on the network outside of Epicor receives the request from the relay and then posts the REST call, right?

An Azure relay won’t help us if we’re on prem … or am I missing something?

You are missing something. That box on the right is the on premises as I understand it. It looks like something that gets the request from the relay and then I don’t know what you do after that. I think you use it in an application to do something?

image

That was my question to Haso: what do you do with that now? Do you have to build something custom to consume that handoff and make a request, or can I natively use Epicor and Epicor apps with this relay technology? Additionally, where does Epicor sit in this diagram? Is it in the on premises box if we are on prem?