Connect

Host Inconvo Connect Container

Inconvo Connect is a docker container that hosts an express server and exposes two methods on the /inconvo endpoint.

Method	Purpose
GET	Retrieve database schema
POST	Connect the database to retrieve the appropriate data

• Deploy Inconvo Connect in your VPC and allow inbound HTTPS traffic.
• The Inconvo API will only send requests to an Inconvo Connect endpoint that has a valid HTTPS certificate.
• The Inconvo API will send its message with the following additional data as HTTP headers:

Header	Description
inconvo-timestamp	The timestamp that the message was issued
inconvo-random	A server-side generated random string
inconvo-signature	A hash-based message authentication code generated from a combination of the timestamp, the random number, and the message itself, using a shared signing secret between that API and the Connect endpoint.

• On receipt of a message Inconvo Connect will validate that all the appropriate data is provided and that the message is recent.

• Using the shared signing secret Inconvo connect will generate its own hash based message authenticate code with the detail provided in the request and ensure that the signatures match.

• If the signatures match then the message could have only originated from Inconvo as any other party would not know the signing secret needed to generate the HMAC.

VPC (Optional)

• Deploy Inconvo Connect inside your VPC ( not publicly accessible)
• Establish a Site-to-Site VPN between your VPC and the Inconvo VPC.
• Configure the security group to allow HTTPS traffic to the security group attached to Inconvo Connect where the source address is within the Inconvo VPC CIDR range.
• Configure the VPN to block all other traffic.

Deploy

Simply set the following environment variables then deploy.

INCONVO_DATABASE_URL="postgresql://username:password@host:2468/db"
INCONVO_SECRET_KEY="ss-prod-XYZ"
INCONVO_API_KEY="XYZ"

Connect to Inconvo

Simply go to the connect tab in Inconvo and paste the URL of your deployed Inconvo Connect.