Each plugin in Luzmo requires a secret. This secret is a secondary security measure meant to ensure that only you or Luzmo can access your plugin. Any third-party access should be blocked by verifying the secret.
When you register your plugin, your secret will be shown and you can save it somewhere. You can also retrieve it later on by going to your plugin in the cumul.io UI.
In every request that Luzmo sends to your plugin, it will include an X-Secret header containing the secret provided.
As we mentioned in this part of the course, a Luzmo plugin consists of 4 endpoints. To implement this extra layer of security, you need to check in each of these endpoints whether the content of the X-Secret header matches the secret that Luzmo provides you. An example in NodeJS would be:
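const express = require('express')
const app = express()

// `errors` is assumed to be your application's own error helper (not shown here).
app.post('/exchange', (req, res) => {
  // req.get() looks the header up case-insensitively
  validateSecret(req.get('X-Secret'))
})
app.post('/authorize', (req, res) => {
  validateSecret(req.get('X-Secret'))
})
app.get('/datasets', (req, res) => {
  validateSecret(req.get('X-Secret'))
})
app.post('/query', (req, res) => {
  validateSecret(req.get('X-Secret'))
})

function validateSecret(secret) {
  // Reject when LUZMO_SECRET is unset, so a missing header never equals a missing secret.
  if (!process.env.LUZMO_SECRET || secret !== process.env.LUZMO_SECRET) {
    throw errors.unauthorizedError('Could not validate secret')
  }
}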
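As an added example (not Luzmo's own code), the X-Secret check can be hardened in two ways: compare in constant time, and reject every request when no secret is configured. The names `secretMatches` and `requireSecret` are hypothetical, and the middleware assumes an Express-style `(req, res, next)` signature.

```javascript
const crypto = require('crypto')

// Constant-time comparison of the received header against the expected secret.
// Both values are hashed first so the buffers given to timingSafeEqual always
// have the same length (it throws on a length mismatch).
function secretMatches(provided, expected) {
  // Fail closed: a missing header or an unset/empty secret never matches.
  if (typeof provided !== 'string' || typeof expected !== 'string' || expected === '') {
    return false
  }
  const a = crypto.createHash('sha256').update(provided).digest()
  const b = crypto.createHash('sha256').update(expected).digest()
  return crypto.timingSafeEqual(a, b)
}

// Middleware factory: register it once so all four plugin endpoints
// (/exchange, /authorize, /datasets, /query) are covered by the same check.
function requireSecret(expected) {
  return (req, res, next) => {
    // Node lowercases incoming header names, so X-Secret is read as 'x-secret'.
    if (!secretMatches(req.headers['x-secret'], expected)) {
      return res.status(401).json({ error: 'Could not validate secret' })
    }
    next()
  }
}

// In the plugin, before the route definitions:
//   app.use(requireSecret(process.env.LUZMO_SECRET))
```

Registering the middleware before the routes means an endpoint added later cannot be left without the check.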