Product Scoop – March 2022
If you’re a basketball fan like Vijay, our CEO, then March is a month for madness. Here in the product team it’s been a month for stability, security and performance. Among this month’s releases are new data retention options to manage security and API performance. Also, a new way to test recipe functions, and new external secrets management support for our on-premise agent.
- Protect sensitive information with zero-retention
- Reduce API latency with zero-logging
- A new way to test recipe functions
- More options for on-prem security
- Connect Everything
Protect sensitive information with zero-retention
By default, every time one of your recipes runs, Workato stores detailed logs for the job. The logs include full details of the data processed by each step of the recipe. You can use the information in job logs to audit and troubleshoot your automations. The default amount of time Workato retains job log data is defined by your data retention policy.
However, because job logs record all data processed by a recipe, they can also include sensitive data and personally identifying information (PII). This data is encrypted-at-rest and you can customize what data is included in your job logs, and who can view them.
However, for some automations, you might not want to retain any log data for any amount of time. For example:
- Your organization may have data protection policies covering data stored in external platforms
- You may need to comply with regulatory requirements around handling PII.
To handle these situations, you can now opt not to store any data for a particular recipe. Just head to the Settings tab, and under Jobs data retention, select Do not store.
With zero logging enabled, no job data will be retained.
Read more about zero-retention in the full blog post.
Reduce API latency with zero-logging
Speed, performance and reliability are top priorities for API providers and consumers. In recent months updates to the API Gateway and new features like caching have led to lower latency for API requests. Now you can further reduce latency with zero-logging.
By default, whenever an API call is made, detailed logs are kept for each action in the underlying recipe, recording the input and output of each action, and a stack trace for all requests. While these logs are important for tracking and auditing requests, they do increase latency. For use cases where response time is critical and log retention is not required, you can disable logging for an individual recipe.
Disabling logging creates a significant saving in implementation latency. The more steps your recipe contains, the more time you’ll save by turning off logging.
Read more about managing API performance here.
A new way to test recipe functions
Testing early and often is vital to effective recipe design. Builders in Workato use test mode to safely test recipes as they’re building, testing not just a completed recipe, but each new or updated step. Testing this way makes it:
- Less likely that multiple points-of-failure will crop up in the same test
- Easier to diagnose errors
- Faster to get to a working outcome
To make it even easier to test as you build, we’re excited to announce a new method for testing recipe functions.
Just set the recipe to test mode, and you can manually enter data to test the recipe function. The data you need to provide is determined by the recipe functions input schema.
You can also provide the trigger data in a standard JSON format. Working in JSON format can help you work with large, or nested trigger payloads. You can also prepare a suite of tests in advance and paste in each scenario you want to test.
Read more about testing recipe functions in the full blog post.
More options for on-prem security
The on-premise agent (OPA) provides a secure way to access data in any application, database, ERP, device, or folder in your on-prem network. With the OPA providing a single point of contact behind your firewall, you can give selective access to only the data you need, without having to open multiple ports in your firewall for each system.
This month, a new version of the OPA allows you to connect to Azure Key Vault to manage passwords for all your on-prem connections, in addition to the existing support for AWS Secrets Manager. Using an external secrets manager offers several major benefits.
Comply with your security policies
Your organization’s security policy may require you to manage database secrets in a central repository, to reduce vulnerable surface area. Connecting to an external secrets manager allows you to stay in compliance with that policy without losing the ability to access on-prem data.
Rotate keys for extra security
It’s common for organizations to require regular rotation of database keys, to limit the chances of a compromised key. Connecting to an external secrets manager, you can configure automatic key rotation, and forget the hassle of manually rotating the credentials for each on-prem app.
Multiple OPAs for performance and reliability
It’s a best practice to set up multiple identical instances of the OPA. This allows for load balancing, high availability and zero downtime updates. By connecting to an external secrets manager, you can share the same profile between all agents. This saves time and reduces the potential for inconsistencies, especially if combined with the need to rotate keys.
More new capabilities
- Native support for SSL/TLS connections to PostgreSQL and MySQL databases
- Support for multi-value attributes in Microsoft Active Directory
- An improved shutdown procedure to shutdown an OPA without effecting any active ongoing jobs.
- New platform APIs to automate the management of on-prem groups and agents.
Read the full release notes for version 2.1 here.
Connect Everything
Process leads from Facebook in real time
The new Facebook Lead Ads connector surfaces leads from your Facebook ad campaigns in real time. Enrich, process and act on your leads as soon as they’re available.
In addition, you can now use the Facebook connector to get more detailed insights on your ads. Track your impressions and spending not just at the campaign level, but also for each individual adset.
Search by anonymized user IDs in Jira
Jira recently introduced changes to support GDPR compliance. In GDPR strict mode, querying by username is no longer permitted.
For this reason, we’ve updated the Search Assignable Users action to support querying by the assignee name, or the anonymized Assignee Account ID.
Get custom object schema from Microsoft Dynamics CRM
To support simple replication of data from Microsoft Dynamics CRM to your databases, you can use the Get object schema action to fetch a detailed schema for any Dynamics object.
However, you may not want to replicate every available field in an object. For this reason, you can now select only the fields that you actually need for inclusion in the object schema.