Best Of

In the ever-evolving landscape of technology, secure communication between platforms is paramount. The Anaplan REST API offers a robust way to connect and interact with the Anaplan platform, and one of the most secure methods of authentication is through certificate-based authentication. In this article, we'll delve into the process of using the Anaplan REST API with certificate-based authentication, exploring the concepts and techniques involved.

1. Understanding Certificate-Based Authentication

Certificate-based authentication involves the use of a digital certificate and private key to establish trust between parties. In the context of Anaplan's REST API, this method ensures a secure connection while exchanging data. Learn more about how Authentication with CA Certs work as well as view the Authentication Service API documentation. If you need a certificate, then please check out the CA Certificate Quick Start Guide using Sectigo.

2. PEM Format: The Key to Success

Before we delve into the authentication process, it's essential to ensure that your public certificate and private key are in the PEM (Privacy Enhanced Mail) format. This widely used format ensures compatibility and security during data exchange.

3. Authentication API Request Structure

To generate the authentication token, your API request should have the appropriate header and body components:

Header: Include your public certificate (.pem), encoded in base64.
Body: Comprises a JSON structure containing two strings.

• encoded_string: A randomly generated string of at least 100 bytes, encoded in base64.
• Encoded_signed_string: This string is the "encoded_string" signed by your private key and then base64 encoded.

Here's an example of the JSON structure for the request body:

{
    "encodedData": "2wiKPoVqz0ZheVU8T+CqoR82WsVfDIb3bc...",
    "encodedSignedData": "hnbAWqqOob5RrAlqMyLbuUvkpK0Bfe9hm3Ml..."
}

4. The Role of Base64

Base64 encoding is crucial in this process, as it converts binary data into a printable text format. This transformation enables the secure transport of data over protocols or mediums that might not handle binary data formats.

5. Ensuring Secure Communication

The combination of base64-encoded data and the certificate-based authentication method guarantees secure communication with the Anaplan platform. This is especially important when dealing with sensitive information.

6. Approach 1: Simple Browser-Based Solution

For an effortless way to generate the required strings, you can use our downloadable RSA Signer in a handy downloadable ZIP file. Once the files have been downloaded and unzipped, open the index.html file. You are then presented with an interface that allows you to paste your public certificate and private key. It then generates the necessary encoded strings, which you can directly use in your API request (i.e. Postman).

Note: The RSA Signer.zip must be extracted/unzipped first with both files contained in the same directory after extraction.

Note: The RSA Signer currently does not support ENCRYPTED private keys (keys encrypted with a pass phrase). Decrypt the key using a tool like OpenSSL first before generating the auth strings in the RSA Signer.

7. Approach 2: Python Implementation

If you prefer a programmatic approach, here's a link to a comprehensive guide to using the Anaplan Certificate with Python to generate the required strings for your Anaplan API request. This solution is compatible with Python 3.11.1 and later versions.

8. Incorporating Certificates with Anaplan: A Productive Endeavor

As organizations strive for tighter security and efficient integration, certificate-based authentication emerges as a dependable solution. By implementing the methods discussed in this article, you'll be better equipped to seamlessly and securely connect your systems with the Anaplan platform.

Incorporating certificates into your Anaplan integration can appear complex, but armed with the knowledge of these two approaches, you're well on your way to a more secure and streamlined integration process. Stay ahead in the world of secure communication and data exchange with Anaplan's REST API and certificate-based authentication.

Authors: Quin Eddy, @QuinE & Adam Trainer, @AdamT - Operational Excellence Group (OEG)

Hi @QuinE, further to the comments from @Satesh, apart from the "-process" needing to be corrected, I believe the creation of the File Upload part of the script should be done prior to the "-process…" part of the script so that any process that requires any source files to be loaded will do the loading of the source file prior to running the process.

To do this in the current script generator, the user will have to complete and ADD the File Uploads section first before doing the Processes section to get the order correct. This said, it would be good to either swap the order of the Process and File Uploads tab in the script generator OR leave the tabs as is but always create the script so that the file upload script is always created prior to creating the "-process" part of the script when running the script generator.

Thanks again for creating the script generator as it simplifies the process for creating the script and once you have amended it for the above things then it will be even better as there would be no need for any manual intervention once the script is generated.