/ /

Secure API automation with Profile field mapping

Updated 4 months ago

Overview

We have introduced the Profile field mapping feature that allows you to improve the security and efficiency of your API actions within Simpplr. This feature enables you to connect specific non-configurable parameters in your API actions to user profile fields. By doing so, sensitive or user-specific information, such as email addresses or employee IDs, is automatically and securely passed to third-party APIs, streamlining processes while maintaining strict control over data access.

When to use Profile field mapping

This feature is particularly useful in several scenarios. For instance, you can use it to automatically populate a parameter, like a user ID or email, with data from the logged-in user’s profile, ensuring the API action pulls the correct information without manual input. It’s also ideal for preventing end users from altering the value of critical parameters, safeguarding against errors or unauthorized access. Additionally, this feature supports synchronization of specific fields, such as third-party application IDs, when using user provisioning methods like CSV import, SCIM, or API-based user syncing.

Key features

  • Non-configurable parameters only: Profile Field Mapping is available exclusively for parameters designated as non-configurable during the API Action setup. This restriction ensures that only predefined, secure parameters can be linked to user profile fields.

  • Non-editable profile fields: You can only map parameters to profile fields that are marked as non-editable in the application. These fields are managed through the "Manage integrations > User syncing" section, ensuring that only secure data is used.

  • Locked profile fields: Once a profile field is mapped to a parameter, it becomes locked and cannot be made editable. This security measure prevents users from modifying the field’s value, which could otherwise lead to unintentional or unauthorized access to another user’s data.

Automatic parameter population

When an API action is triggered, such as through an App tile, the application automatically populates the mapped parameter with the corresponding value from the user’s profile field. This seamless process reduces manual input and enhances efficiency.

Example use cases

This feature supports a variety of practical applications, including:

  • Fetching tasks from a task management application: Map the "userEmail" parameter to the user’s work email field to automatically retrieve tasks associated with the logged-in user’s email address.

  • Accessing timesheets in a third-party application: Map the "externalUserId" parameter to a Timesheet system ID field to securely query time logs using a synchronized external ID.

  • Retrieving personalized reports: Map the "userId" parameter to an Employee ID field to ensure that only the relevant user’s data is fetched for personalized reports.

How to set up profile field mapping

To configure this feature, follow these steps:

  1. Create or Edit an API Action: Start by creating a new API action or editing an existing one in draft state.

  2. Mark Parameter as Non-configurable: In the Parameters section, designate the relevant parameter as non-configurable.

  3. Map to profile field: Once the parameter is set as non-configurable, a "Map to profile field" option will appear. Select this option.

  4. Choose a frofile field: Pick a non-editable profile field from the list of available options.

  5. Save and test: Save the API action and test it to ensure the mapping works as expected.

By following these steps, you can set up Profile Field Mapping to enhance the security and automation of your API actions, ensuring a smooth and secure user experience.

Was this article helpful?
Subscribe to receive updates on this article