I have setup API Extract Profile with Auth enabled using Bearer Token as authentication type. In profile, I am trying with hard code values, it is working fine.
However, when I am using the API Extract in my ETL job & the encrypted token is fetched from DB (it is dynamic, changes according to my query string parameter) & then is decyrpted using Python script component that is stored in a matillion job variable. Now, when I am passing the variable in password manager (via variable setting), it is giving error - Unrecognised password name [Bearer mydecryptedtoken].
I have just seen your post, were you able to resolve this? we do have some documentation based on this subject here, hopefully, that can help, if not let me know and we can have another look.
When I past the given token direct into the component it works fine (see image below). I assume this should also be possible dynamically by using a variable.
I had looked into something similar once and I think the problem you are seeing is as follows.
When you are using the "Use Variable" checkbox, notice that it wants you to put the variable name in the "Use Password Manager" prompt at the top. Also, you will see that the error message says "Unrecognized password name" -- "name" being the critical word here. When you are using the "Use Variable" checkbox, Matillion is expecting the variable value to be the name of an item stored in the password manager, it is NOT treating the variable value as the actual bearer token value. So in your case Matillion is looking for a Password Manager entry named "Bearer a8337953d3d5a8d5a0f945" and not finding it.
In the bottom "Store in component" field, Matillion is expecting the field value to be the actual bearer token. However, the "Store in component" field does NOT support using variables - so I believe your use case is simply not supported currently.
In my case, we went a different route and stored the secrets in a Secrets Manager and had Matillion access those secrets using the Secrets Manager integration https://documentation.matillion.com/docs/1977834
This is more involved but allows for programmatically updated secrets. Another possible way might be to use the Matillion API to create/update stored password entries, but I've not actually used that before.
This is not the right way to use this component. The Password Manager option expects the name of the PM entry (as Stan mentioned before) and the Store in Component option expects a token, so the variablename will be used as a token, not the variable's value.
Follow these steps:
Create your Query Profile as usual, with bearer token, and set it up completely (after this step, the token you have used is maybe no longer valid or not the right one for the future context, but that's ok)
Configure your API Extract component as you would normally, but set the Authentication Method to Other or None
Then, in the Connection Options of the component, add an entry for CustomHeaders and use value "Authorization: Bearer ${token}" (without the quotes and token being the name of your variable)
That's all there is to it.
This will create a http header entry of type Authorization in the API call, with value Bearer, a space, and followed by your token.
You can use Postman to mimic this behaviour manually if you would like to see how it all looks.
In addition: for the topic starter, a valid solution would have been to store the tokens in Password Manager, and then store each entry's name in the database, rather than the token itself. The tokens are safely encrypted in the Password Manager and no need to use encryption/decription Python script.
The variable wold just hold the name of the Password Manager entry as stored in the database and pass this to the component which in turn would fetch and decrypt the token.
