
Use case

For many reasons, farm data can be sensitive:

Background

gbathree  1:48 PM
Hey guys, Kevin from LiteFarm is querying surveys they are using from their DB - he had a question about authentication (the surveys contain some private data)

Kevin Cussen  1:49 PM
Howdy!

1:52

I was hoping to get some help with one of our use cases

1:52

LiteFarm is making a callout to https://app.surveystack.io/api/submissions/...

1:53

We'd built the integration assuming surveys would be public and now we're seeing folks making private ones

1:54

So Greg suggested rather than passing in a token (which would take time for us to build) you might be able to just whitelist our server or some such

1:54

Does that make sense?

December 5th, 2022

Manuel Härdi  12:47 AM
Hi Kevin, "We'd built the integration assuming surveys would be public and now we're seeing folks making private ones" - by saying "folks making private ones", you mean that your callout to https://app.surveystack.io/api/submissions/ does not return all survey data but only those parts not being defined as PRIVATE in the survey definition in surveystack?

gbathree  5:37 AM
Yes that's what he's talking about

5:38

Their server needs a token (at least that's one way to solve the problem)

Kevin Cussen  8:59 AM
Correct @Manuel Härdi

8:59

So if you point us to documentation on access and refresh tokens, we can do that

9:00

Or if there's something else you are able to do that wouldn't require engineering time, I'm all ears too

gbathree  9:00 AM
(or @will if you're seeing this)

Manuel Härdi  2:07 PM
Most common solution would be to just add the auth header when calling surveystack. That's a userid and a token (I'll supply docs). Depending on the use case, the auth credentials you use are system wide and fixed, or defined per user in its profile settings

Kevin Cussen  2:08 PM
For our case, it would be per certifier

2:08

So I assume we'd just need to hold an extra column in our certifier table for access / refresh tokens

2:09


Manuel Härdi  2:11 PM
Makes sense, though you won't need a refresh token (our auth mechanism is more like in Slack, as opposed to OAUTH)

Kevin Cussen  2:13 PM
OK

Manuel Härdi  2:13 PM
Often that's called API KEY

2:13

You could certainly use that new col for other integrations

Kevin Cussen  2:14 PM
Do you have doc on that / those endpoint(s)?

Manuel Härdi  2:14 PM
Yep, I'll provide it later as I'm on the road.

Manuel Härdi  2:16 PM
Btw only alternative to auth I can think of: prevent surveys from having private data - but I guess you can't influence that?

...


December 6th, 2022

Manuel Härdi  6:14 AM
How to define the request header: Request url example: GET http

Part of our commitment to our users is that their data should default to private unless they explicitly share it. One use case where this is particularly important is when the user answers additional survey questions for their certifying body via the SurveyStack iFrame in the certification export flow. The expectation of the farmer in this case is that data is only shared with:

  • LiteFarm

  • their certifying body

To ensure this, we need to make sure data transmitted to their certifying body in SurveyStack is only visible to LiteFarm and the certifier in transit and at rest.

Current situation

As of February 2023, the connection with SurveyStack (see LF-1558 for more information) only works if all of the questions and attributes of the survey are public. The moment a question is set to “Private”, we’re no longer able to access the question or answer.

...

Desired state

Moving forward, we need to support the ability to:

  • View private surveys and survey fields in LiteFarm (via the iFrame)

  • Create export documents with private SurveyStack fields

Solutions

The only individuals that are able to view private question submissions in SurveyStack are:

  1. The submitter

  2. An administrator on the group that owns the survey

Since surveys will be anonymously submitted from LiteFarm, that leaves only the second option as viable. Via the UI, administrative access is proven by logging in and having an auth token stored in the browser local storage (see auth_header in the image below):

...

However, since we’ll be interacting with SurveyStack via the API, we’ll need to pass this as a “bearer token” to SurveyStack instead:

...

Within this solution, there are 2 paths we could take:

  1. As recommended by Greg Austic of Our-Sci (the makers and maintainers of SurveyStack): Have all certifiers create their surveys with sub-groups under the LiteFarm group (see image). With this approach, administrators within the LiteFarm group would automatically have administrator access to all sub-groups and all surveys (and fields) created within each sub-group. Using this approach, there would be a single auth_token used to access all SurveyStack survey submissions for LiteFarm - regardless of the survey.

...

  2. Alternatively, we could allow each certifier to have their own SurveyStack instance. In this case, they would just need to invite (someone at) LiteFarm as an administrator. We would then log in, grab the auth_token associated with that user and augment our certifiers table with an auth_token column (as shown in the image below). Using this approach, there would be a single auth_token for each certifying body.

...

Shape of the query

The query to retrieve the JSON for a particular submission appears as follows:

https://app.surveystack.io/api/submissions?survey={survey_id}&match={"_id":{"$oid":"{submission_id}"}}

Example:

https://app.surveystack.io/api/submissions?survey=

...

December 9th, 2022

Kevin Cussen  4:57 PM
Could we meet early next week? I'd like to better understand how we could retrieve the token.

4:58

The use case is this: We want the survey itself to be available to view and input data into without any credentials. Once a user submits a survey, that data should then be hidden.

4:59

We would like to be able to use the token of the survey creator (not the users that fill out the survey) to log-in and get the data.

December 10th, 2022

gbathree  10:32 AM
The user needs to submit to your organization, in which case your orgs admins can see the results.  So you just need a token for an admin of your group.

...

10:33

We are reevaluating the group permissioning structure so I do understand there's some improvement there on our part

10:33

So for example a token for your user would work

December 12th, 2022

...

60f615459a6b1c00012ee41e&match={"_id":{"$oid":"63ee860f3f453c000128a2c9"}}
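
Added example (not LiteFarm or SurveyStack code): one way to build the submission query shown under "Shape of the query" with validated ids and a per-certifier token, as in the second path under Solutions. The "Authorization: Bearer" header format and the survey_id column are assumptions; auth_token is the column proposed above.

```javascript
// Added example, not LiteFarm or SurveyStack code.
const SUBMISSIONS_URL = 'https://app.surveystack.io/api/submissions';
const OBJECT_ID = /^[0-9a-f]{24}$/i; // ids on this page are 24 hex characters

// Reject anything that is not a plain 24-hex id, so a crafted value cannot
// add operators to the JSON sent in `match`.
function requireObjectId(name, value) {
  if (typeof value !== 'string' || !OBJECT_ID.test(value)) {
    throw new Error(`invalid ${name}`);
  }
  return value;
}

// Build the query from "Shape of the query"; URLSearchParams percent-encodes
// the JSON so braces and quotes survive transport.
function buildSubmissionUrl(surveyId, submissionId) {
  const url = new URL(SUBMISSIONS_URL);
  url.searchParams.set('survey', requireObjectId('survey_id', surveyId));
  url.searchParams.set('match', JSON.stringify({
    _id: { $oid: requireObjectId('submission_id', submissionId) },
  }));
  return url.toString();
}

// certifier: one row of the certifiers table. auth_token is the column the
// page proposes; survey_id is a hypothetical column for this example.
// Assumption: the token is sent as "Authorization: Bearer <token>".
function buildSubmissionRequest(certifier, submissionId) {
  if (typeof certifier.auth_token !== 'string' || certifier.auth_token === '') {
    throw new Error('certifier has no SurveyStack auth_token');
  }
  return {
    method: 'GET',
    url: buildSubmissionUrl(certifier.survey_id, submissionId),
    headers: { Authorization: `Bearer ${certifier.auth_token}` },
  };
}

// Copy of the request that is safe to log: the token never reaches log output.
function redactForLog(request) {
  return { ...request, headers: { ...request.headers, Authorization: '[redacted]' } };
}
```

The request object can be handed to whichever HTTP client the server already uses; log redactForLog(request), never the request itself.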

Work to be done

Two pieces of work here:

  1. A decision: decide which solution (of those outlined in https://lite-farm.atlassian.net/wiki/spaces/LITEFARM/pages/1271889935/Allow+LiteFarm+to+access+private+SurveyStack+data#Solutions or proposed as an alternative) to move forward with

  2. To augment the current communication between LiteFarm and SurveyStack to provide authenticated movement of data. This may potentially include augmenting the schema as well.