Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Work in progress Feb 17 2023

Use case

For many reasons, farm data can be sensitive. Part of our commitment to our users is that their data should default to private unless they explicitly share it. One use case where this is particularly important, is when the users answers additional survey questions for their certifying body via the SurveyStack iFrame via the certification export flow. The expectation of the farmer in this case is that data is only shared with:

  • LiteFarm

  • their certifying body

To ensure this, we need to make sure data transmitted to their certifying body in SurveyStack is only visible to LiteFarm and the certifier in transit and at rest.

Current situation

As of February 2023, the connection with SurveyStack (see LF-1558 - Getting issue details... STATUS for more information) only works if all of the questions and attributes of the survey are public. The moment a question is set to “Private”, we’re no longer able to access the question or answer.

Desired state

Moving forward, we need to support the ability to:

  • View private surveys and survey fields in LiteFarm (via the iFrame)

  • Create export documents with private SurveyStack fields

Solutions

The only individuals that are able to view private question submissions in SurveyStack are:

  1. The submitter

  2. An administrator on the group that owns the survey

Since surveys will be anonymously submitted from LiteFarm, that leaves only the second option as viable. Via the UI, administrative access is proven by logging in and having an auth token stored in the browser local storage (see auth_header in the image below):

However, since we’ll be interacting with SurveyStack via the API, we’ll need to pass this as a “bearer token” to SurveyStack instead:

Within this solution, there are 2 paths we could take:

  1. As recommended by Greg Austic of Our-Sci (the makers and maintainers of SurveyStack): Have all certifiers create their surveys with sub-groups under the LiteFarm group (see image). With this approach, administrators within the LiteFarm group would automatically have administrator access to all sub-groups and all surveys (and fields) created within each sub-group. Using this approach, there would be a single auth_token used to access all SurveyStack survey submissions for LiteFarm - regardless of the survey.

2. Alternatively, we could allow each certifier to have their own SurveyStack instance. In this case, they would just need to invite (someone at) LiteFarm as an administrator. We would then log in, grab the auth_token associated with that user and augment our certifiers table with an auth_token column (as shown in the image below). Using this approach, there would be a single auth_token for each certifying body.

Shape of the query

The query to retrieve the JSON for a particular submission appears as follows:

https://app.surveystack.io/api/submissions?survey={survey_id}&match={"_id":{"$oid":"{submission_id}"}}

Example:

https://app.surveystack.io/api/submissions?survey=60f615459a6b1c00012ee41e&match={"_id":{"$oid":"63ee860f3f453c000128a2c9"}}

Background

gbathree  1:48 PM
Hey guys, Kevin from LiteFarm is querying surveys they are using from their DB - he had a question about authentication (the surveys contain some private data)

Kevin Cussen  1:49 PM
Howdy!

1:52

I was hoping to get some help with one of our use cases

1:52

LiteFarm is making a callout to https://app.surveystack.io/api/submissions/...

1:53

We'd built the integration assuming surveys would be public and now we're seeing folks making private ones

1:54

So Greg suggested rather than passing in a token (which would take time for us to build) you might be able to just whitelist or server or some such

1:54

Does that make sense?

December 5th, 2022

Manuel Härdi  12:47 AM
Hi Kevin,"We'd built the integration assuming surveys would be public and now we're seeing folks making private ones"by saying "folks making private ones", you mean that your callout to https://app.surveystack.io/api/submissions/ does not return all survey data but only those parts not being defined as PRIVATE in the survey definition in surveystack?

gbathree  5:37 AM
Yes that's what he's talking about

5:38

Their server needs a token (at least that's one way to solve the problem)

Kevin Cussen  8:59 AM
Correct @Manuel Härdi

8:59

So if you point us to documentation on access and refresh tokens, we can do thatt

9:00

Or if there's something else you are able to do that wouldn't require engineering time, I'm all ears too

gbathree  9:00 AM
(or @will if you seeing this)

Manuel Härdi  2:07 PM
Most common solution would be to just add the auth header when calling surveystack. Thats a userid and a token (i'll supply docs). Depending on the use case, the auth credentials you use are system wide and fixed, or defined per user in its profile settings (edited) 

Kevin Cussen  2:08 PM
For our case, it would be per certifier

2:08

So I assume we'd just need to hold an extra column in our certifier table for access / refresh tokens

2:09

image.png 

Manuel Härdi  2:11 PM
Makes sens, though you wont need a refresh token (our auth mechanism is more like in Slack, as opposed to OAUTH

Kevin Cussen  2:13 PM
OK

Manuel Härdi  2:13 PM
Often thats called API KEY

2:13

You could certainly use that new col for other integrations

Kevin Cussen  2:14 PM
Do you have doc on that / those endpoint(s)?

Manuel Härdi  2:14 PM
Yep, i'll provide it later as i'm on the road.

Manuel Härdi  2:16 PM
Btw only alternative to auth i can think of: prevent surveys from having private data - but i guess you can't influence that?

2 repliesLast reply 2 months agoView thread

December 6th, 2022

Manuel Härdi  6:14 AM
How to define the request header:Requst url example: GET http://app.surveystack.io/api/submissions?survey=60d20b292f38fe0001916497
header key: Authorization
header value format: email token
header value example: test@test.com 6575c307-de99-4df9-876a-c78571ee86c7There's no place in the UI yet where that token could be copied by users, we could add that if required@will feel free to comment / correct (edited) 

December 9th, 2022

Kevin Cussen  4:57 PM
Could we meet early next week? I'd like to better understand how we could retrieve the token.

4:58

The use case is this: We want the survey itself to be available to view and input data into without any credentials. Once a user submits a survey, that data should then be hidden.

4:59

We would like to be able to use the token of the survey creator (not the users that fill out the survey) to log-in and get the data.

December 10th, 2022

gbathree  10:32 AM
The user need to submit to your organization, in which case your orgs admins can see the results.  So you just need a token for an admin of your group.1

10:33

We are reevaluating the group permissioning structure so I do understand there's some improvement there on our part

10:33

So for example a token for your user would work

December 12th, 2022

Kevin Cussen  10:28 PM
OK, so we could have one administrator token for each certifying body and whenever a user submits to that certifier, they submit via that certifiers token (names would be included in the submission documents - so no confusion about the submitter). We would then retrieve the data also using the administrators token. Do I understand correctly?

  • No labels