Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Security

Workflow servers sit between the Ebbot platform and external systems. That makes them security-sensitive by default: they handle credentials, receive inbound events, and perform side effects in other systems.

This page summarizes practical security guidance for workflow servers built with this SDK, with extra focus on API keys, predictable actions and triggers, and common OWASP risks.

Threat Model First

Before building an integration, identify:

  • What secrets the server stores or forwards.

  • Which endpoints accept inbound traffic from external systems.

  • Which actions can create, update, or delete data.

  • Which triggers can be abused to inject fake or replayed events.

  • What happens if a connection is misconfigured or compromised.

The goal is simple: minimize trust, minimize blast radius, and make every side effect explicit.

API Key Rules

Apply these rules to every API key or token your workflow server handles:

  • Use the narrowest scopes possible. If an action only needs to read tickets, do not ask for write or admin scopes.

  • Prefer short-lived credentials where the upstream system supports them, and have a rotation process for long-lived secrets.

  • Keep track of which connection or tenant a credential belongs to, and log security-relevant usage without logging the secret itself.

  • Protect secrets in transit and at rest: keep them in Secrets, not Options; use HTTPS; and never return secrets in action results, trigger payloads, logs, or error messages.

Practical guidance:

  • Put confidential values in the Secrets model, never in Options.

  • Do not hardcode API keys in source code, examples, tests, or local scripts.

  • Do not copy secrets into trigger options, action arguments, or response payloads.

  • Redact secrets from logs and exception messages.

  • Treat dynamic field metadata with care: info= should not expose secret values in labels, descriptions, or options.

Actions Without Hidden Surprises

An action should do exactly what its name and docs say it does.

Design actions so that they are:

  • Explicit: the display name, description, docs, and argument docs should make the side effect obvious.

  • Narrow: prefer create_ticket and close_ticket over a single vague manage_ticket action.

  • Validated: enforce input schemas strictly and reject malformed or unexpected arguments.

  • Bounded: cap payload sizes, pagination sizes, time windows, and batch sizes.

  • Safe by default: avoid destructive behavior unless it is clearly intended and documented.

Avoid hidden surprises such as:

  • A "lookup" action that also writes data.

  • An action that mutates several remote resources when the user expects one change.

  • Silent fallbacks to broader permissions, different tenants, or default resources.

  • Returning raw upstream responses that may contain secrets or internal metadata.

Recommended action checklist:

  • Document the exact side effect.

  • Validate every argument with Pydantic models.

  • Require only the specific env and secrets fields the action needs.

  • Return a minimal result schema.

  • Define clear error schemas for expected failures.

  • Make retries safe where possible, or document when an action is not idempotent.

Triggers Without Hidden Surprises

Triggers should only dispatch real, verified events.

For inbound webhook-style triggers:

  • Authenticate the sender. Verify signatures, bearer tokens, shared secrets, or mTLS depending on what the upstream system supports.

  • Reject unauthenticated requests before doing any expensive work.

  • Protect against replay attacks with timestamps, nonces, delivery IDs, or equivalent upstream metadata.

  • Validate the payload shape before dispatching.

  • Dispatch only the fields subscribers actually need.

  • Keep the payload stable and predictable. Subscribers should not have to guess which fields may appear.

For subscription setup:

  • Use Options and Secrets only for values genuinely needed per subscription.

  • If events.on_created(...) provisions upstream webhooks, ensure the callback URL is correct, scoped, and authenticated.

  • Roll back cleanly if remote webhook registration fails.

For dispatch behavior:

  • Make duplicate deliveries safe where possible.

  • Do not dispatch secrets, raw access tokens, or internal-only metadata.

  • Be careful with multi-tenant systems: resolve the correct subscription and tenant every time.

Authentication and Authorization

Use defense in depth.

  • Set auth_token on the workflow server when you need a shared bearer token protecting server endpoints.

  • Use upstream-specific authentication for public webhook endpoints as well; a single shared token is often not enough for external-facing trigger routes.

  • Authorize based on the specific connection or subscription in use, not just on the fact that a request reached your server.

  • Do not trust client-provided tenant IDs, account IDs, or resource IDs without verifying they belong to the resolved connection.

OWASP-Aligned Guidance

Workflow servers are typical API services, so the OWASP guidance for web apps and APIs applies directly.

Focus especially on these areas:

  • Broken access control: verify that one connection cannot read, write, or trigger events for another connection.

  • Cryptographic failures: require HTTPS, protect secrets, and avoid leaking confidential data.

  • Security misconfiguration: disable debug settings in production, review CORS exposure, and avoid permissive defaults.

  • Vulnerable and outdated components: keep FastAPI, Pydantic, and other dependencies updated.

  • Identification and authentication failures: verify webhook signatures and protect internal endpoints.

  • Software and data integrity failures: validate inbound payloads and be cautious with dynamic code, templates, and untrusted packages.

  • Security logging and monitoring failures: log enough to investigate abuse, but never log secrets or sensitive payloads unnecessarily.

  • SSRF and unsafe outbound calls: if your integration calls external URLs, restrict and validate destinations instead of proxying arbitrary user-provided URLs.

  • Unsafe consumption of APIs: treat upstream systems as untrusted too. Validate responses before using or forwarding them.

Secure Connection Modeling

When defining Options and Secrets:

  • Keep Options for non-sensitive configuration such as baseUrl, region, or account identifiers.

  • Keep Secrets for API keys, client secrets, refresh tokens, signing secrets, and similar credentials.

  • Validate formats early. For example, restrict baseUrl to expected hosts or HTTPS URLs when possible.

  • Avoid collecting more data than the integration needs.

Example:

Logging and Error Handling

Good logs help incident response. Bad logs leak secrets.

  • Log high-level events such as action execution, trigger receipt, and dispatch failures.

  • Do not log tokens, API keys, authorization headers, or full webhook bodies unless there is a clear and safe reason.

  • Return clear user-facing errors, but do not expose stack traces, upstream secrets, or internal configuration.

  • Prefer explicit validation errors over mysterious downstream failures.

Operational Practices

  • Run production servers with dev_mode=False.

  • Rotate compromised credentials immediately.

  • Review which actions are destructive and who can install or invoke them.

  • Add rate limits or upstream backoff where abuse or accidental loops are possible.

  • Test failure cases: invalid signatures, wrong subscription IDs, missing secrets, replayed events, and upstream permission errors.

  • Keep documentation current. Security depends on operators understanding what each action and trigger really does.

Secure-by-Default Checklist

Before shipping a workflow server, confirm:

  • Secrets are stored only in Secrets.

  • Inbound trigger routes authenticate requests.

  • Action and trigger schemas are explicit and validated.

  • No secrets are exposed in results, payloads, docs, logs, or metadata.

  • Each connection and subscription is properly isolated.

  • Destructive actions are clearly named and documented.

  • Production config uses HTTPS and disables development-only settings.

  • Dependency updates and security reviews are part of normal maintenance.

PreviousJSON Schema - Flow builder expectations

Last updated

Was this helpful?