The purpose of this document is to detail all interactions involved in setting up an external classification source and explain the process of doing so.
```mermaid
graph TD
    User -- 1 visits, configures --> App[Source Provider Application]
    App -- 2 authorizes with --> Storage
    App -- 3 authorizes with --> API[Public API facade]
    App -- 4 registers CC source +authHeader --> API
    API -- 5.1 registers source +authHeader --> Middleman[Validation and Auth Proxy]
    API -- 5.2 registers source +proxy --> Protect[Egnyte Protect]
    Protect -- 6A polls --> Middleman
    Middleman -- 6B proxies +authHeader --> App
    App -- 6C verifies authHeader --> App
    App -- 6D exposes --> Storage
```
- Steps 1-5 happen as a direct result of user interaction.
- Step 6 is the flow of fetching data for classification.
- `authHeader` is defined by the Source Provider Application and is then used by Egnyte Protect to authorize its access to the source.
- The Source Provider Application is responsible for maintaining its authorization with the Storage.
- The "Register CC source" action via the public API is authorized with the Public API token, which points to the service user of the tenant the User belongs to; as a result, the source shows up for that tenant in Egnyte Protect.
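One way the Source Provider Application could issue and check `authHeader`, as an added example (not Egnyte's or this page's own code). It assumes the header is sent as `Authorization: Bearer <token>` and that the App keys each configured source by its own identifier (`source_key`); `SourceAuth` and `handle_request` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Assumption: authHeader travels as "Authorization: Bearer <token>";
# the page leaves the header name and format up to the App.
HEADER = "authorization"


def _digest(value: str) -> bytes:
    return hashlib.sha256(value.encode("utf-8")).digest()


class SourceAuth:
    """Issues and checks one authHeader per configured source (hypothetical helper)."""

    def __init__(self):
        self._digests = {}  # source_key -> SHA-256 of the issued header value

    def issue(self, source_key: str) -> str:
        """Value the App sends along with 'register source' (step 4)."""
        value = "Bearer " + secrets.token_urlsafe(32)
        self._digests[source_key] = _digest(value)  # store the hash, not the secret
        return value

    def verify(self, source_key: str, headers: dict) -> bool:
        """Step 6C: constant-time check of the header proxied to the App."""
        presented = next(
            (v for k, v in headers.items() if k.lower() == HEADER), "")
        # Unknown sources are compared against a random digest so they fail
        # the same way a wrong header does.
        expected = self._digests.get(source_key, secrets.token_bytes(32))
        return hmac.compare_digest(_digest(presented), expected)


def handle_request(auth, source_key, headers, query_storage):
    """Steps 6C then 6D: Storage is only touched after the header checks out."""
    if not auth.verify(source_key, headers):
        return 401, None
    return 200, query_storage()
```

Issuing a distinct value per source means a header leaked for one tenant's source does not grant access to another's.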
| Actor | Description |
|---|---|
| User | An admin-level user of both Egnyte Protect and the Storage being added as source |
| App | Source Provider Application - an integration available for Egnyte Protect |
| Storage | Storage containing files to be classified |
| API | The Public API layer exposed by Egnyte Protect |
| ProxyService | Validation and Auth Proxy, can also be used standalone for testing the implementation of the App |
| Protect | Egnyte Protect - Classification services |
```mermaid
sequenceDiagram
    User->>App: visit, provide inputs
    App->>Storage: authorize
    Storage-->>User: ask
    User->>Storage: confirm authorization
    Storage-->>App: token0
    App->>API: authorize (OAuth2)
    API-->>User: ask
    User->>API: confirm authorization
    API-->>App: token1
    Note over API,ProxyService: token points to a tenant
    App->>API: register source +authHeader
    API->>ProxyService: register source +authHeader
    ProxyService-->>API: +proxyURL
    API->>Protect: register source +proxyURL
    Protect-->>API: confirm
    API-->>App: +sourceId
    App-->>User: confirm configuration complete
    opt
        User->>Protect: visit
        Protect-->User: show new source on the list
    end
    Protect->>ProxyService: discovery
    ProxyService->>App: discovery
    App-->>ProxyService: +URLs
    ProxyService->>Protect: +URLs
    loop Hourly scan
        Protect->>ProxyService: list FS metadata
        ProxyService->>App: list metadata +authHeader
        App->>App: check authHeader
        App->>Storage: query metadata
        Storage-->>App: +FSmetadata
        App-->>ProxyService: +FSmetadata
        ProxyService->>ProxyService: validate
        alt Valid response
            ProxyService-->>Protect: pass response +FSmetadata
        else Invalid response
            ProxyService->>App: report validation error
            Note over ProxyService,App: A request with details is made to the report endpoint
        end
    end
    loop For each file - fetch content
        alt Content URLs require auth
            Protect->>ProxyService: get file
            ProxyService->>App: get file +authHeader
            App->>App: check authHeader
            App->>Storage: get file
            Storage-->>App: +file content
            App-->>ProxyService: +file content
            ProxyService-->>Protect: +file content
        else Content URLs public
            Protect->>Storage: get file content
            Storage-->>Protect: +file content
        end
    end
```