Regarding Anaplan Connect Whitelisting - API/Autho Services.

Dear Team ,

 

I am working with Anaplan Connect to Import/Export files from server. Due to Security policy my client is not willing to Whitelist below both services.

api.anaplan.com & auth.anaplan.com . where as they are suggesting to use proxy and port in my Script .

 

Could you please help and suggest me on this since i am not aware about other way apart of whitlisting api.anaplan.com & auth.anaplan.com  .

Kindly suggest me how to Execute the Script without mentioning the service and by writing Proxy and port setting in script.

 

awaiting your kind favor on subject matter.

Warm Regards

Shailneder dubey

 

 

Answers

  • you can argue with them that them whitelisting a proxy that is then free to do anything is far less secure than whitelisting the official anaplan URLs.

  • Dear Nathan ,

     

    Appreciate your favor , But seems security team is not willing to whitelist the Anaplan URL . Whereas they suggested in below two Approach .

    Kindly Advice how to proceed with below option provided by them in script?

    Option 1 :

    1. Data Power path
    Anaplan Connect -> www.XXXX.ws.ABC.com/API & www.XXXX.ws.ABC.com/AUTH -> api.anaplan.com & auth.anaplan.com
    - No proxy config

    Can we use a different url like www.XXXX.ws.ABC.com/API instead of api.anplan.com in the script. The URL www.XXXX.ws.ABC.com/API will convert to api.anaplan.com when it hits the internet.

     

    Option 2 : 

    Zscalar Proxy path
    Anaplan Connect -> api.anaplan.com & auth.anaplan.com (via zproxy.ABC.com on port XXXX)
    - zproxy.ABC.com

     

    So,If we want to use api.anaplan.com and auth.anaplan.com can we mention proxy and port in the script somewhere. 

     

    Kindly Advice!

     

    Warm Regards

    Shailender dubey

  • If you specify a proxy URL using the "-via" option, Anaplan Connect will create a tunnelled connection through that proxy. Some proxies require authentication, and there is an additional option to pass credentials.

  • Hi @Shailendr ,

    Yes you can define the proxies in the script and use it when you are using the get request for api.anaplan.com

    To get the proxies use the below code.

    import urllib.request

    proxies = urllib.request.getproxies()

    print(proxies)

     

    define a new function as shown below :

    def get_proxies():
    return {
    'http': 'http://domainame/username:password@proxyIP:port', 'https': domainame/username:password@proxyIP:port',
    'ftp': 'ftp://domainame/username:password@proxyIP:port'
    }

    Note : If the password contains special characters then you have to percent encode it.

    Now while hitting a get request or Put request or post request use the below code to call the proxies.

    url = 'https://auth.anaplan.com/token/authenticate'

    request = request.post(url,headers=headers,data= data,proxies=get_proxies())

     

    Note : The above code is not intended please make sure you intendent it properly.

    Regards,

    Riyaz Pasha

  • Dear Ben ,

    Hope you are doing great , as per my query on whitelisting . I found ever using Proxy we are mentioning the yellow highlighted in script as shown in attachment. Does it mean even if we use Proxy we need to pass these parameter in script?

    Kindly Advice how to write Import script with Anaplan Connect . where we did not whitelisted the services API/AUTH.

    Appreciate your great favor!

     

    Warm Regards

    Shailender Dubey

     

     
     

     

  • Hi Shailender,

     

    I have helped customers in the past write scripts through a proxy. If you email support@anaplan.com they should be able to find similar cases where we have helped write a customer script through a proxy.

     

    Though whitelisting domains should be the first option if possible.