Fixing Webtask Code

A webtask token can restrict the webtask code its owner can run


You can create a webtask token that is restricted to only execute specific webtask code. This capability is useful when you want to create a webtask token that is specific to a particular application or a user and restricts what that application or user can do in a webtask cluster.

You can create a webtask token restricted to only execute webtask code at a particular URL by specifying the url restriction as part of the webtask token request.

You can use curl to make a webtask token request that creates a new webtask token which only allows executing code from a given URL:

export RESTRICTED_TOKEN=$(curl -s https://webtask.it.auth0.com/api/tokens/issue -H "Authorization: Bearer {webtask_token}" -H "Content-Type: application/json" --data-binary '{"url":"http://bit.ly/18L4CmA"}')  

Using such a token does not require the owner to provide or identify the webtask code at all, since that information is already stored in the token itself. This is how you can use curl to execute a webtask using the restricted token issued by the code above:

curl "https://webtask.it.auth0.com/api/run/{webtask_container}?name=Tomek" -H "Authorization: Bearer $RESTRICTED_TOKEN" -X POST

NOTE: A webtask request that uses a token with fixed webtask code can still use URL query parameters to pass data to the webtask code, which allows for customized behavior. For example, you can create a webtask token with fixed code that sends SMS messages, but the message itself can be specified by the application using this restricted token at the time of making the webtask request.
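
Because the query parameters stay under the control of whoever holds the restricted token, the fixed code is the place to validate them. The following is an added example, not code from the original page or from Auth0: a sketch of fixed webtask code for the SMS case. It assumes the webtask handler shape `function (context, cb)` with query parameters exposed on `context.data`; `sendSms`, the prefix allowlist and the length limit are hypothetical.

```javascript
// Added example: fixed webtask code that validates caller-supplied query
// parameters before sending an SMS.
// Assumption: the handler receives (context, cb) and query parameters are
// available on context.data. sendSms is a hypothetical provider call.

const MAX_MESSAGE_LENGTH = 160;          // constructed limit: one SMS segment
const E164 = /^\+[1-9]\d{7,14}$/;        // international number format
const ALLOWED_PREFIXES = ['+1555'];      // constructed destination allowlist

// Returns { ok, errors, to, message }. Never trusts the type of a query
// parameter: a repeated parameter (?to=a&to=b) may arrive as an array.
function validateSmsRequest(data) {
  const errors = [];
  const to = typeof data.to === 'string' ? data.to.trim() : '';
  const message = typeof data.message === 'string' ? data.message : '';

  if (!E164.test(to)) {
    errors.push('to must be a single E.164 number');
  } else if (!ALLOWED_PREFIXES.some((prefix) => to.startsWith(prefix))) {
    errors.push('destination not allowed');
  }
  if (message.length === 0 || message.length > MAX_MESSAGE_LENGTH) {
    errors.push('message must be 1-' + MAX_MESSAGE_LENGTH + ' characters');
  }
  return { ok: errors.length === 0, errors, to, message };
}

// Builds the webtask handler around an injected sender so the validation
// path can be exercised without a real SMS provider.
function makeWebtask(sendSms) {
  return function (context, cb) {
    const request = validateSmsRequest(context.data || {});
    if (!request.ok) {
      return cb(new Error(request.errors.join('; ')));
    }
    sendSms(request.to, request.message, cb);
  };
}

// Hypothetical sender stub; a real webtask would call its SMS provider here.
const webtask = makeWebtask((to, message, done) => done(null, { sent: true, to }));

if (typeof module !== 'undefined') {
  module.exports = webtask;
}
```

The code published at the fixed URL would be this handler, so every request made with the restricted token passes through the same checks regardless of what the caller puts in the query string.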