Setting Security Options
Security options control access to a TIBCO Scribe® Online Organization. An Organization can be accessed directly by users, or by other software via the API or an Endpoint URL.
Note: Changes to Security options may take several minutes to take effect.
From the Security page for each Organization, you can:
- Create Security rules for access to the TIBCO Scribe® Online API and TIBCO Scribe® Online Endpoint URL for Adding Or Editing An Integration Event Solution.
- Copy or reset the Event Solution access token for the Scribe Endpoint URL. This option is only for Event Solutions.
- Copy or reset the cryptographic token for the TIBCO Scribe® Online API.
- Determine whether you want to store source data for record errors in the cloud or on the computer where the On-Premise Agent is installed.
Organization Security Settings
Creating Security Rules
Use security rules to restrict access within an Organization for the TIBCO Scribe® Online API and TIBCO Scribe® Online Endpoint URLs to specified IP addresses or address ranges.
To use an Event Solution, you must create at least one rule to allow the specified IP addresses to access the TIBCO Scribe® Online Endpoint URL.
Important: When an Event Solution runs, TIBCO Scribe® Online sends a response to Messages or Requests for data from any one of three static IP addresses. Configure your Proxy Server, Firewall, or other network security devices to allow responses from these IP addresses to access your network. Static IP Addresses include:
- 54.204.16.213
- 54.83.47.195
- 23.23.251.57
- Select More > Security from the menu.
- From the Security page, select Add . A new row displays in the Rule table.
- Select the Rule name and enter a name for the rule.
- Select the options for which you want to grant access:
- API Access — Grant access to the TIBCO Scribe® Online API for the selected IP address range. If selected, TIBCO Scribe® Online can access any TIBCO Scribe® Online feature that requires API access including Event Solutions and History.
- Event Solution Access — Allow the selected IP addresses to access the TIBCO Scribe® Online Endpoint URL. Selecting this check box allows TIBCO Scribe® Online to access the URLs generated in Event Solution Message and Request/Reply Maps.
- Enter a starting and ending range of public IP addresses for which you want to allow access.
Note: To allow access to a single IP address, specify that address as both the starting and ending address.
Whitelisting IPv6 addresses is not supported. If you enter the entire IPv4 range of 0.0.0.0 to 255.255.255.255, IPv6 traffic can also access TIBCO Scribe® Online, however this does pose a security risk by removing the firewall into your TIBCO Scribe® Online Organization.
- If required, create more rules for this Organization. When you are done, select Close to exit.
Event Solution Access Token
Event Solutions use a REST-based web service to allow access to TIBCO Scribe® Online from outside sources. The first time you save an Event-based Message or Request/Reply Map, TIBCO Scribe® Online generates a unique Endpoint URL along with an access token.
When you create additional Maps for Event Solutions, each Map has a unique Endpoint URL, but shares the access token across the Organization.
In general, you do not need to reset the access token. However, if security at your site is compromised, or your company policy requires it, select Reset to change the Access Token.
Note: When you reset the Access Token, the change is propagated to any Event Solution Maps. However, you must to change the Access Token for any source code that uses the Scribe web service.
API Cryptographic Token
Use this token to encrypt or decrypt Connection properties when reading, creating, or modifying Connections using the TIBCO Scribe® Online API. For additional information on the use of this token see the Connection Properties section of the TIBCO Scribe® Online API Help.
- Highlight and copy the token to your clipboard.
- Select Reset to generate a new token. If you generate a new token, you must update the token embedded in any software used to read or write Connection property data through the TIBCO Scribe® Online API.
Storing Source Data For Failed Records
When using TIBCO Scribe® Online with an On-Premise Agent, you can choose to store source data for failed records either in the cloud or on the computer where the TIBCO Scribe® Online On-Premise Agent is installed. The default is to store source data for failed records in the cloud.
Note: Source data for failed records is kept for 45 days regardless of where it is stored. After 45 days, it is removed and is no longer available for reprocessing.
- To store source data for failed records on the computer where your Agent is installed, enable Only store source data on Agent from the Security page.
When this setting is first enabled, there may be a short delay before the change takes effect. Wait a few minutes before executing the next Solution. Selecting this option ensures that your source data is never stored in the cloud. However:
- You can only reprocess source data for failed records for a Solution with the Agent that originally ran the Solution.
- The size of the Agent database is limited. When that limit is reached, source records are deleted starting with the oldest and, therefore, may not be available for reprocessing.
- From the Execution History details page, source data does not display for failed records.
Note: Changing the Only store source data setting does not affect the data in Solutions that have already run or are currently running. Changes are only made to future executions of Solutions for this Organization.
- If Only store source data on Agent is disabled:
- Source data for failed records is stored in the cloud
- Source data for failed records is visible from the Execution History screen.
- You can reprocess errors with any Agent in that Organization.
- Default setting for this option to be disabled.
Note: For Cloud Agents, source data is always stored in the Cloud.
Related Topics
Adding Or Editing An Integration Event Solution