Transitioning to FileMaker Cloud for our client’s web app presented some interesting challenges, particularly with MFA and Data API authentication. Through research, experimentation, and adaptation we were able to address these issues.
Xandon Frogget
We specialize in FileMaker application development and frequently see how building a web-based FileMaker app can significantly enhance your business’s efficiency and reach. I’ve observed firsthand how this technology can transform the way companies manage data and interact with customers. However, merging a web app with FileMaker data is not without its challenges.
Our latest venture involved building a web application for students to submit data through a form, pushing this data to a FileMaker solution for storage and analysis. This blog post chronicles our journey from the initial hosting strategy to navigating the unforeseen challenges presented by FileMaker Cloud: in particular, Multi-Factor Authentication (MFA) and Data API authentication, and shares the valuable insights we gained.
Our client needed a scalable web application capable of managing student-entered data submissions. We engineered a solution utilizing Angular for the front end and Java for the back end, integrated with an SQL database. The objective was to forward this data to their FileMaker files hosted on an Amazon Web Services EC2 instance, utilizing FileMaker Data API’s basic authentication for smooth integration. Once this process had successfully passed our final testing phase, it was ready for deployment. As we were setting up the production environment, however, an unexpected change in plans occurred.
As testing was concluding, a significant change in requirements prompted us to reassess our FileMaker server hosting solution. The client wanted to use MFA for their FileMaker user authentication requirements and wanted security certifications for the hosting environment. While there were several options, such as Google OAuth, they presented their own hurdles. FileMaker Cloud emerged as the leading option, both for its built-in MFA capabilities and its SOC 2 compliance, offering enhanced security without the need for complex external configurations. We were optimistic about this seemingly straightforward transition from AWS EC2 hosting. Unfortunately, our optimism was quickly tempered by reality.
We began by moving a test copy of the FileMaker files to FileMaker Cloud to test that environment. We hit a couple of snags.
Transferring the FileMaker files to the new server proved challenging. Some of the existing container files were not secure and required updates, and while this fix was manageable, a few records resisted the process. Despite our efforts, some of the container data could not be migrated. We tried using the migration assistant to no avail and eventually deleted the records with problematic container fields before hosting the solution and importing the fields back afterward. A small subset of records failed to import with their container data, which led to a discussion with the client about the potential loss of these records. The client accepted the loss, opting to keep a local backup of the specific records for reference.
The next hurdle arose when updating the endpoint in the web app for data submission to FileMaker via the Data API; the process would stall during the authentication phase. After verifying the failure through Postman, we discovered significant differences in authentication handling with FileMaker Cloud.
Adopting FileMaker Cloud introduced a new set of challenges: Data API calls that had once worked seamlessly with our original on-premises setup were now unsuccessful. A little more digging was in order!
Our research led us to a blog post by Wim Decorte, which detailed the process for managing FileMaker Cloud’s Data API authentication mechanism. Following the FileMaker Cloud documentation for their integration with AWS Cognito, we were able to create and host the web service provided to make it all work again.
Once we had a test process, we attempted to rework that process into the backend of the web app, which used Java. Here we discovered some limitations with the AWS Cognito Java SDK, as it lacked flexibility when using the AWS Cognito authentication process with FileMaker Cloud.
Ultimately, we fell back on hosting the web service using a Node.js process to handle the AWS Cognito requests and postponed including it in the web app itself. In the future, we will host a microservice within the current web app’s Kubernetes cluster and will streamline deployment and management alongside the web app.
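As an added illustration (not code from the original post or from Claris), the Node.js example below shows how the Data API login request differs between on-premises Basic authentication and FileMaker Cloud, which expects a Claris ID token in an `FMID` authorization header, together with a small cache that re-authenticates before the token expires. The host names, the injected `fetchIdToken` function (standing in for the Cognito sign-in), and the sample token are assumptions made for the example.

```javascript
const DATA_API = '/fmi/data/vLatest/databases';

// Build the POST .../sessions login request. On-premises FileMaker Server accepts
// HTTP Basic with a FileMaker account; FileMaker Cloud expects a Claris ID token.
function buildLoginRequest({ host, database, account, password, clarisIdToken }) {
  const url = `https://${host}${DATA_API}/${encodeURIComponent(database)}/sessions`;
  const authorization = clarisIdToken
    ? `FMID ${clarisIdToken}`
    : 'Basic ' + Buffer.from(`${account}:${password}`).toString('base64');
  return {
    url, method: 'POST', body: '{}',
    headers: { 'Content-Type': 'application/json', Authorization: authorization },
  };
}

// Read the exp claim (seconds since epoch) from a JWT without verifying it.
// Used only to decide when to re-authenticate, never to trust the token.
function jwtExpiry(jwt) {
  const payload = jwt.split('.')[1];
  if (!payload) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')).exp;
}

// Cache the ID token and fetch a new one shortly before it expires.
// fetchIdToken is a hypothetical injected async function that performs the
// Cognito sign-in for the dedicated API account and resolves to the ID token.
function makeTokenCache(fetchIdToken, { skewSec = 60, now = () => Date.now() / 1000 } = {}) {
  let cached = null;
  return async function getIdToken() {
    if (!cached || jwtExpiry(cached) - skewSec <= now()) cached = await fetchIdToken();
    return cached;
  };
}

// Constructed, unsigned sample token for running the example offline.
function sampleJwt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'api-user', exp })}.sig`;
}
```

The session token returned by the login call is then sent as `Authorization: Bearer <token>` on subsequent Data API requests, so the account password only needs to be available to the process that performs the sign-in.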
While the added overhead of using AWS Cognito was a bit of a surprise, the overall benefit included secure authentication using industry-standard protocols and algorithms, such as OAuth 2.0 and OpenID Connect.
We also learned additional details about licensing, the user accounts needed to support this approach, and working with MFA. Using the FileMaker Data API requires a user account to make the API request. That user also needs to have MFA disabled on their account. To protect this account, we opted for a specific one that would only be used by the web app for making API calls. In this instance, where the clients were paying for a ten-user license, they had to dedicate one of those accounts to the Data API calls, lowering the total physical user count to only nine.
However, shortly after this deployment, Claris rectified the long-standing pain point of needing to use one of a client’s licenses for developer access and we were able to free up that tenth license for client use. Claris now provides a free-of-charge additional developer user on each FileMaker Cloud Essential instance and two such licenses for Cloud Standard accounts. We are grateful for this change – it means a smoother process for migration and onboarding, development and troubleshooting, and for providing ongoing support for our FileMaker Cloud customers.
Whether you are looking to turn your FileMaker solution into a web application, need a solution built from scratch, or would like to transform your existing program, keep in mind a couple of things. We have the skills to accomplish what you’d like to have done – we’ve been in the FileMaker space for over thirty years. But we also have the ingenuity and insight to move through any hurdles that may arise. We research, learn, and iterate so that we can accomplish the goals you have for your company. Contact us below to make a plan for your ideas.
Xandon Frogget, Senior Application Developer, brings 16 years of corporate experience at OfficeMax, where he designed FileMaker solutions for their large-scale printing and production facilities. He has a knack for working in corporate environments, understanding needs from the user’s point of view, and communicating and training staff for seamless transitions.
MFA adds a layer of security, requiring users to verify identity through two or more verification methods before accessing the database.
Enable MFA through the FileMaker Cloud Admin Console under Security settings. Follow the prompts to set up authentication methods.
Yes, FileMaker Cloud supports third-party authenticators that use the TOTP (Time-Based One-Time Password) algorithm, such as Google Authenticator.
Contact your FileMaker Cloud administrator immediately to reset your MFA settings and regain access through a new device.
MFA is highly recommended for enhanced security but can be configured for specific users or groups based on the administrator’s discretion.